Turkojan


(Arco) #1

I can't locate this Turkojan in the registry.

Logfile of HijackThis v1.99.1

Scan saved at 11:11:53, on 2006-04-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\Program Files\F-Group\Absolute StartUp\ASMon.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\progra~1\softwin\bitdef~1\bdnagent.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Acronis\PrivacyExpert\Shield.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

D:\Kalendarz XP\Kalendarz.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Arco\Moje dokumenty\Skróty\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"

O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [SpyWare Shield] C:\Program Files\Acronis\PrivacyExpert\Shield.exe

O4 - HKCU\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe

O4 - Startup: Kalendarz.lnk = D:\Kalendarz XP\Kalendarz.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://D:\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://D:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://D:\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://D:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Spik\url_wpmsg.dll

O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

(Maciejpiechocki) #2

http://www.symantec.com/avcenter/venc/d ... kojan.html


(Bbieniol) #3

In Safe Mode, delete these two entries:

Apart from that, clean :)

Run an EWIDO scan after updating it :)

Also post a log from Silent Runners


(Arco) #4

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Absolute StartUp monitor" = "C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" ["F-Group Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Absolute StartUp monitor" = "C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" ["F-Group Software"]

"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]

"BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data]

"BDOESRV" = ""C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"" ["SOFTWIN SRL"]

"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]

"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]

"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]

"SpyWare Shield" = "C:\Program Files\Acronis\PrivacyExpert\Shield.exe" ["Acronis"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32(Default) = "D:\A2FREE~1\A2CONT~1.DLL" [null data]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Dodatki Spika"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"

\InProcServer32(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = " sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

BitDefender Antivirus v8(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]

Spik(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WPKontakt(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32(Default) = "D:\A2FREE~1\A2CONT~1.DLL" [null data]

BitDefender Antivirus v8(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

Spik(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

UnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Arco\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\POLKOM~2.SCR" (PolKompLa.scr) [null data]

Startup items in "Arco" & "All Users" startup folders:


C:\Documents and Settings\Arco\Menu Start\Programy\Autostart

"Kalendarz" -> shortcut to: "D:\Kalendarz XP\Kalendarz.exe" [null data]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):


Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]

BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]

BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]

BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service" ["SOFTWIN S.R.L."]

Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]

McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]

McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]

McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Process Activity Monitor, paamsrv, ""C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe"" [null data]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 19 seconds, including 4 seconds for message boxes)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"


(Bbieniol) #5

The log isn't complete... wait until the message saying the log is finished pops up, and only then paste it on the forum :)


(Arco) #6

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Absolute StartUp monitor" = "C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" ["F-Group Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Absolute StartUp monitor" = "C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" ["F-Group Software"]

"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]

"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" [null data]

"BDOESRV" = ""C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"" ["SOFTWIN SRL"]

"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]

"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]

"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]

"SpyWare Shield" = "C:\Program Files\Acronis\PrivacyExpert\Shield.exe" ["Acronis"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32(Default) = "D:\A2FREE~1\A2CONT~1.DLL" [null data]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKCU...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Dodatki Spika"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"

\InProcServer32(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = " sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

BitDefender Antivirus v8(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]

Spik(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WPKontakt(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32(Default) = "D:\A2FREE~1\A2CONT~1.DLL" [null data]

BitDefender Antivirus v8(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

Spik(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

-> {HKLM...CLSID} = "SpikShellExt Class"

\InProcServer32(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska S.A."]

UnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Arco\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\POLKOM~2.SCR" (PolKompLa.scr) [null data]

Startup items in "Arco" & "All Users" startup folders:


C:\Documents and Settings\Arco\Menu Start\Programy\Autostart

"Kalendarz" -> shortcut to: "D:\Kalendarz XP\Kalendarz.exe" [null data]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):


Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]

BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]

BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]

BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service" ["SOFTWIN S.R.L."]

Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]

McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]

McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]

McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Process Activity Monitor, paamsrv, ""C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe"" [null data]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 24 seconds, including 6 seconds for message boxes)

Merged post: 24.04.2006 (Mon) 17:40

Now it should be complete


(Bbieniol) #7

Clean :)


(Arco) #8

OK, thanks