SmitFraudFix v2.132

Scan done at 17:04:54,63, 2007-01-05
Run from D:\Documents and Settings\JPaziewski\Pulpit!LOGI!\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Silent:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"odk_mcd" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"ezShieldProtector for Px" = "D:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
"NeroFilterCheck" = "D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"InCD" = "C:\Nero 7\InCD\InCD.exe" ["Nero AG"]
"OFFICEKB" = "D:\Program Files\Klawiatura(sterowniki)\kbdap32a.exe" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SsAAD.exe" = "C:\PROGRA~1\SOny\SsAAD.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DAPHelper Class"
                   \InProcServer32\(Default) = "D:\PROGRA~1\DAP\dapbho.dll" ["Speedbit Ltd."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"
  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
                   \InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
  -> {HKLM...CLSID} = "Shell Extension for CDRW"
                   \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{0AF221E8-29B6-46EB-B420-DC696F042596}" = "Find and Recover deleted files on you Computer"
  -> {HKLM...CLSID} = "Find and Recover deleted files on you Computer"
                   \InProcServer32\(Default) = "D:\PROGRA~1\DISKIN~1\Uneraser\contmenu.dll" [null data]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare Objects"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare Hood Verbs"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"
  -> {HKLM...CLSID} = "DisplayCplExt Class"
                   \InProcServer32\(Default) = "D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbui.dll" ["Stardock.Net, Inc"]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
  -> {HKLM...CLSID} = "SidebarIconHandler Class"
                   \InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = " ,wbsys.dll" [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *"|"OODBS" ["OO Software GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WB\DLLName = "D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll" ["Stardock"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DiskInternals_Uneraser\(Default) = "{0AF221E8-29B6-46EB-B420-DC696F042596}"
  -> {HKLM...CLSID} = "Find and Recover deleted files on you Computer"
                   \InProcServer32\(Default) = "D:\PROGRA~1\DISKIN~1\Uneraser\contmenu.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_BINARY) hex:00 00 00 00
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoSaveSettings" = (REG_BINARY) hex:00 00 00 00
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"ClearRecentDocsOnExit" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\JPaziewski\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"

Startup items in "JPaziewski" & "All Users" startup folders:
------------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"HP Digital Imaging Monitor" -> shortcut to: "C:\HP\Digital Imaging\bin\hpqtra08.exe" [file not found]

Enabled Scheduled Tasks:
------------------------

"mks_vir - Zadanie 0" -> WARNING - The file "mks_vir - Zadanie 0.job" is corrupt!
(no executable)
"1-Click Maintenance" -> launches: "D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 37
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "Google"
                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{62999427-33FC-4BAF-9C9C-BCE6BD127F08}" = "DAP Bar"
  -> {HKLM...CLSID} = "DAP Bar"
                   \InProcServer32\(Default) = "D:\Program Files\DAP\DAPIEBar.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_08"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_08"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll" ["Sun Microsystems, Inc."]

{09FE188B-6E85-479E-9411-51FB2220DF80}\
"ButtonText" = "Subscribe in Desktop Sidebar"
"MenuText" = "Subscribe in Desktop Sidebar"
"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"
  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
                   \InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{669695BC-A811-4A9D-8CDF-BA8C795F261C}\
"ButtonText" = "Run DAP"
"Exec" = "D:\PROGRA~1\DAP\DAP.EXE" ["Speedbit Ltd."]

{84536FE2-ABCD-3586-DCAB-40E286323737}\
"ButtonText" = "Pop-Up Blocker"
"MenuText" = "Pop-Up Blocker"
"Exec" = "D:\Program Files\WINnerTweak3\PopUp Blocker.exe" ["WINner Tweak Software Development Team"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
"TuneUp" = "file://D|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

ArcaBit NetMonitor, ABNetMon, (null value) [file not found]
ASP.NET State Service, aspnet_state, "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "D:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"D:\WINDOWS\System32\w3ssl.dll" [MS]}
InCD Helper, InCDsrv, "C:\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
Karta wydajności WMI, WmiApSrv, "D:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
MkS_Scan, MkS_Scan, (null value) [file not found]
MkS_Vir Monitor, MksVirMonSvc, (null value) [file not found]
MkSUpdateInt, MkSUpdateInt, (null value) [file not found]
MSCSPTISRV, MSCSPTISRV, ""D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"" ["Sony Corporation"]
NBService, NBService, "C:\Nero 7\Nero BackItUp\NBService.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
OO Defrag, OO Defrag, "D:\WINDOWS\system32\oodag.exe" ["OO Software GmbH"]
PACSPTISVR, PACSPTISVR, ""D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"" ["Sony Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "D:\WINDOWS\System32\HPZipm12.exe" ["HP"]
Portable Media Serial Number Service, WmdmPmSN, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
SonicStage SCSI Service, SSScsiSV, "D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe" ["Sony Corporation"]
Sony SPTI Service, SPTISRV, ""D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"" ["Sony Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" [file not found]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]
TuneUp Design Expansion, UxTuneUp, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Usługa administracyjna Menedżera dysków logicznych, dmadmin, "D:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Usługa dostarczania sieci, xmlprov, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\xmlprov.dll" [MS]}
Usługa klienta dla systemu NetWare, NWCWorkstation, "D:\WINDOWS\system32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\nwwks.dll" [MS]}
Usługa Pomocnik IPv6, 6to4, "D:\WINDOWS\system32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\6to4svc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

----------
: Suspicious data at a malware launch point.
: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 104 seconds.
----------
(total run time: 185 seconds)

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:06:58, on 2007-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Documents and Settings\JPaziewski\Pulpit!LOGI!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.pl/portal/?go=start&lang=pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {EADDB4D2-7838-52B2-6BEC-5580084952C2} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [OFFICEKB] D:\Program Files\Klawiatura(sterowniki)\kbdap32a.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\SOny\SsAAD.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: WB - D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero 7\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OO Defrag - OO Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Post merged: 05.01.2007 (Fri) 17:08
rustock found nothing