Proszę o sprawdzenie loga

bako7 · 25 Maj 2006 08:26

proszę o sprawdzenie loga

komp zaczyna wariować, wyskakujace okienka,zmiana strony startowej , znikneły strony w “ulubione” i chcą sie teraz zapisywać w zupełnie innym miejscu, program antyvirusowy wariuje ale nie umie usunąć problemu

wdzięczny będę za pomoc

Logfile of HijackThis v1.99.1

Scan saved at 10:18:01, on 2006-05-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\IBM\Security\uvmserv.exe

C:\WINDOWS\system32\IRCPAcousticDriver.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\IBM\Security\tsscore.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\IBM\Security\certtool.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe

C:\WINDOWS\system32\semwltray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\kernels8.exe

C:\WINDOWS\system32\kerneld16.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\dlh9jkdq1.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\programy\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.evko.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.evko.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evko.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.evko.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.evko.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.evko.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evko.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: localhost 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\xpqcl.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe

O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ISS_Certtool] C:\PROGRA~1\IBM\Security\certtool.exe

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup

O4 - HKLM\..\Run: [Sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray

O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\kerneld16.exe

O4 - HKLM\..\Run: [Software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe

O4 - HKLM\..\Run: [dmfvv.exe] C:\WINDOWS\system32\dmfvv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"

O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Konsola IBM Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138009117744

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bressnet.com

O17 - HKLM\Software\..\Telephony: DomainName = bressnet.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{7D7F2588-89A0-474E-AF0B-AE9BCE9DFD81}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{91419FF2-8D86-435E-8991-04C657C5C442}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E20CE88-7057-4667-A097-32C74CD0E91A}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{B075055D-8EC4-48D3-AD70-14B1258F02FA}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9D5FBB-8BA9-4FE1-A12C-CFF43141D807}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{E65621C4-4380-46CD-AE06-ADF48D81A8ED}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bressnet.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bressnet.com

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll

O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll

O20 - Winlogon Notify: s_reg - C:\WINDOWS\SYSTEM32\notifysb.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: IRCPAcousticDriver - Unknown owner - C:\WINDOWS\system32\IRCPAcousticDriver.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

==========================================

Widziałeś ten komunikat Ważny komunikat dotyczący tytułowania tematów zastosuj sie do niego => inaczej temat poleci do śmietnika :evil:

Pozdrawiam kuz5

InfinityToJa · 25 Maj 2006 08:37

Ściągnij Windows Woorms Door Cleaner, odpal>>>zmień wszystkie znaczki z disable na enable>>>po użyciu narzedzia wymagany jest reset kompa.

W dodaj/usuń odinstaluj Spyware Soft Stop i UnSpyPC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.evko.biz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.evko.biz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evko.biz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.evko.biz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.evko.biz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.evko.biz R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evko.biz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz O1 - Hosts: localhost 127.0.0.1 O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\xpqcl.dll (file missing) O4 - HKLM…\Run: [system] C:\WINDOWS\system32\kernels8.exe O4 - HKLM…\Run: [systems] C:\WINDOWS\system32\kerneld16.exe O4 - HKLM…\Run: [software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe O4 - HKLM…\Run: [dmfvv.exe] C:\WINDOWS\system32\dmfvv.exe O4 - HKCU…\Run: [unSpyPC] “C:\Program Files\UnSpyPC\UnSpyPC.exe” O4 - HKCU…\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe O17 - HKLM\System\CCS\Services\Tcpip…{7D7F2588-89A0-474E-AF0B-AE9BCE9DFD81}: NameServer = 85.255.114.34,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip…{91419FF2-8D86-435E-8991-04C657C5C442}: NameServer = 85.255.114.34,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip…{9E20CE88-7057-4667-A097-32C74CD0E91A}: NameServer = 85.255.114.34,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip…{B075055D-8EC4-48D3-AD70-14B1258F02FA}: NameServer = 85.255.114.34,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip…{DB9D5FBB-8BA9-4FE1-A12C-CFF43141D807}: NameServer = 85.255.114.34,85.255.112.9 O17 - HKLM\System\CCS\Services\Tcpip…{E65621C4-4380-46CD-AE06-ADF48D81A8ED}: NameServer = 85.255.114.34,85.255.112.9 O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll O20 - Winlogon Notify: s_reg - C:\WINDOWS\SYSTEM32\notifysb.dll

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

bako7 · 25 Maj 2006 14:16

No cos mi sie tam udało powalczyć wilkie dzieki, ale chyba jesczez coś przeoczyłem

przesyłm nowe logi

Logfile of HijackThis v1.99.1

Scan saved at 16:18:49, on 2006-05-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\IBM\Security\uvmserv.exe

C:\WINDOWS\system32\IRCPAcousticDriver.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\IBM\Security\certtool.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe

C:\WINDOWS\system32\semwltray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

C:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe

O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ISS_Certtool] C:\PROGRA~1\IBM\Security\certtool.exe

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup

O4 - HKLM\..\Run: [Sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray

O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [JAVA_IBM] Java (IBM)

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138009117744

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bressnet.com

O17 - HKLM\Software\..\Telephony: DomainName = bressnet.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bressnet.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bressnet.com

O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: IRCPAcousticDriver - Unknown owner - C:\WINDOWS\system32\IRCPAcousticDriver.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"UnSpyPC" = ""C:\Program Files\UnSpyPC\UnSpyPC.exe"" [file not found]

"WinMedia" = "C:\WINDOWS\system32\vxgame6.exe3072.exe" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"S3TRAY2" = "S3Tray2.exe" ["S3 Graphics, Inc."]

"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"TPKMAPHELPER" = "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper" ["IBM Corp."]

"TpShocks" = "TpShocks.exe" ["IBM Corp."]

"TPHOTKEY" = "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [null data]

"TP4EX" = "tp4ex.exe" ["IBM Corporation"]

"EZEJMNAP" = "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" ["IBM Corp."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"UC_Start" = "C:\Program Files\IBM\Updater\\ucstartup.exe" [null data]

"UC_SMB" = (empty string)

"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]

"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]

"ibmmessages" = "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" ["IBM"]

"IBMPRC" = "C:\IBMTOOLS\UTILS\ibmprc.exe" ["IBM Corp."]

"QCWLICON" = "C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" ["IBM Corp."]

"BMMGAG" = "RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor" [MS]

"BMMLREF" = "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [null data]

"BMMMONWND" = "rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor" [MS]

"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]

"ISS_Certtool" = "C:\PROGRA~1\IBM\Security\certtool.exe" ["IBM"]

"FineReader7NewsReaderPro" = ""C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"" ["ABBYY (BIT Software)"]

"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]

"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]

"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]

"GCXX-Manager-Class" = ""C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup" ["Sony Ericsson"]

"Sony Ericsson Wireless Manager UI" = "C:\WINDOWS\system32\semwltray" ["Sony Ericsson Mobile Communications AB"]

"iPlusManager" = "C:\Program Files\iPlus\iPlusChecker.exe" [null data]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*n" (unwritable string)

  -> {HKLM...CLSID} = "DriveLetterAccess"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"

  -> {HKLM...CLSID} = "RecordNow! SendToExt"

                   \InProcServer32\(Default) = "C:\Program Files\IBM RecordNow!\shlext.dll" [null data]

"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"

  -> {HKLM...CLSID} = "DriveLetterAccess"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

"{DC1ACE86-FA01-11D0-9924-444553540000}" = "AESFileDecryption"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcdecryption.dll" ["IBM"]

"{19FAA194-2377-11D3-A007-00062917F7F3}" = "AESFileEncryption"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcencryption.dll" ["IBM"]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"

  -> {HKLM...CLSID} = "ACTHUMBNAIL"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"

  -> {HKLM...CLSID} = "AcSignIcon"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"

  -> {HKLM...CLSID} = "ACDWFTHMBPRXY"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\program files\microsoft office\OFFICE11\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"

  -> {HKLM...CLSID} = "Contact View"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {HKLM...CLSID} = "Message View"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! artm_newreg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll" [file not found]

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! QConGina\DLLName = "QConGina.dll" ["IBM Corp."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AESFileDecryption\(Default) = "{DC1ACE86-FA01-11D0-9924-444553540000}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcdecryption.dll" ["IBM"]

AESFileEncryption\(Default) = "{19FAA194-2377-11D3-A007-00062917F7F3}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcencryption.dll" ["IBM"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AESFileDecryption\(Default) = "{DC1ACE86-FA01-11D0-9924-444553540000}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcdecryption.dll" ["IBM"]

AESFileEncryption\(Default) = "{19FAA194-2377-11D3-A007-00062917F7F3}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rcencryption.dll" ["IBM"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"

  -> {HKLM...CLSID} = "FineReaderExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]



Default executables:

--------------------


HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"

HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\notepad.exe" "%1"" [MS]



Group Policies [Description] {enabled Group Policy setting}:

------------------------------------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

HIJACK WARNING! "NoBandCustomize"=dword:00000001 

[disables toolbar status changes in Internet Explorer|View|Toolbars]

{User Configuration|Administrative Templates|Windows Components|

Internet Explorer|Toolbars|Disable customizing browser toolbars}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\bako.BRESSNET\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]



Startup items in "bako" & "All Users" startup folders:

------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]

"Kaspersky Anti-Hacker" -> shortcut to: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe /silence" ["Kaspersky Lab"]



Enabled Scheduled Tasks:

------------------------


"Przypomnienie o rejestracji 3" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3" [MS]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]

"{22BE3D0D-8159-469F-97E5-315436838456}_BRESSNET_bako" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{22BE3D0D-8159-469F-97E5-315436838456}_BRESSNET_bako"" [MS]

"{AB9AC502-46B4-4C35-AB28-52F8D1FCC7DD}_BRESSNET_bako" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{AB9AC502-46B4-4C35-AB28-52F8D1FCC7DD}_BRESSNET_bako"" [MS]

"{CF9A8785-47AF-428F-A2A6-CB329EA61B00}_BRESSNET_bako" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{CF9A8785-47AF-428F-A2A6-CB329EA61B00}_BRESSNET_bako"" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"


Missing lines (compared with English-language version):

[Strings]: 2 lines



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}

IBM KCU Service, TpKmpSVC, "C:\WINDOWS\system32\TpKmpSVC.exe" [null data]

IBM PM Service, IBMPMSVC, "C:\WINDOWS\System32\ibmpmsvc.exe" [null data]

IBM Rapid Restore Ultra Service, IBM Rapid Restore Ultra Service, ""C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"" [empty string]

IBM User Verification Manager, IBM User Verification Manager, "C:\Program Files\IBM\Security\uvmserv.exe" ["IBM"]

IRCPAcousticDriver, IRCPAcousticDriver, "C:\WINDOWS\system32\IRCPAcousticDriver.exe" [null data]

Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

QCONSVC, QCONSVC, "System32\QCONSVC.EXE" ["IBM Corp."]

RegSrvc, RegSrvc, "C:\WINDOWS\system32\RegSrvc.exe" ["Intel Corporation"]

Sony Ericsson Wireless LAN Tray Service, setrysvc, "C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe" [null data]

Spectrum24 Event Monitor, S24EventMonitor, "C:\WINDOWS\system32\S24EvMon.exe" ["Intel Corporation "]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HPTcpMon.dll" ["Hewlett Packard"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Monitor języka PJL\Driver = "PJLMON.DLL" [MS]

OKI HiperC Language Monitor2\Driver = "OPDMN014.DLL" ["Okidata Corporation"]

OKI LPR Port\Driver = "oklprmon.dll" ["Oki Data Corporation"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 142 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 11 seconds.

---------- (total run time: 213 seconds)

czy coś jeszcze zrobić ? z góry dziękuje za pomoc

kuz5 · 25 Maj 2006 14:35

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym

bako7 · 26 Maj 2006 11:02

znaczna poprawa

czy możecie polecić jakiś dobry zestawik programów żeby uchronic sie przed tego typu problemami ?

Bieniol · 26 Maj 2006 11:18

Masz AVG, więc AV jest

Do tego radzę zainstalować jakiegoś Firewalla

Oraz co jakiś czas skanować system narzędziem --> EWIDO