Logfile of HijackThis v1.99.1 Scan saved at 19:44:14, on 2006-12-29 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\System32\RUNDLL32.EXE D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\RaConfig.exe D:\Programy\Tlen.pl\tlen.exe D:\Programy\Firefox PL\firefox.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Tray Temperature] C:\PROGRA~1\AWS\MINIBUG.EXE 1 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe O4 - HKLM…\Run: [AVAUTODELETE] “C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe” O4 - HKLM…\Run: [avgnt] “D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Comodo Personal Firewall] D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart O4 - HKLM…\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM…\Run: [Name of App] D:\Programy\nagr\Liveupdate.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe O4 - HKCU…\Run: [NBJ] “D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe” O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sys … _EN_XP.cab O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/ … _EN_XP.cab O17 - HKLM\System\CCS\Services\Tcpip…{9759F774-A012-4E4C-A4B4-279406B4B4EA}: NameServer = 192.168.18.1,195.114.161.61 O18 - Filter: text/html - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O18 - Filter: text/plain - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programy\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Silent:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Komunikator” = “D:\Programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “NBJ” = ““D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”] “C-Media Mixer” = “C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup” [file not found] “WinampAgent” = ““C:\Program Files\Winamp\Winampa.exe”” [file not found] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Tray Temperature” = “C:\PROGRA~1\AWS\MINIBUG.EXE 1” [file not found] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “Ocaux” = “C:\Program Files\Ivistu\Qchvj.exe” [file not found] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “MyWebSearch Email Plugin” = “C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe” [file not found] “AVAUTODELETE” = ““C:\Documents and Settings\All Users\Dane aplikacji\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe”” [file not found] “avgnt” = ““D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Comodo Personal Firewall” = “D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart” [“COMODO”] “Comodo Launch Pad Tray” = “C:\Program Files\Comodo\LaunchPad\CLPTray.exe” [“COMODO”] “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Programy\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler” -> {HKLM…CLSID} = “Corel Media Folder Root Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder” -> {HKLM…CLSID} = “Corel Media Find Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler” -> {HKLM…CLSID} = “Corel Media Folder Copy Hook Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*d” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFnd80.dll” [file not found] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“stera” [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/html\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] <> text/plain\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Dominik” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Messenger” “Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, “D:\Programy\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “D:\Programy\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Comodo Application Agent, CmdAgent, “D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe” [“COMODO”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\System32\UAService7.exe” [“Sony DADC Austria AG.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt05\Driver = “hpzsnt05.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 231 seconds. ---------- (total run time: 2233 seconds)
komp spowolnił, coś zżera wolne miejsce na twardym systemowym, nie pomagają Ccleaner, Easy Cleaner, ATF Cleaner, oczyszczanie dysku itd.
Nic nie instalowałem a miejsca ubywa i to w potwornym tempie, w dodatku nic ostatnio nie instalowałem.
adam9870
(adam9870)
29 Grudzień 2006 19:55
#2
Otwórz Notatnik i wklej w nim to:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] “C-Media Mixer”=- “WinampAgent”=- “Tray Temperature”=- “Ocaux”=- “MyWebSearch Email Plugin”=- “AVAUTODELETE”=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.
Czy to Twój program ??
jeśli nie to usuń folder w awaryjnym.
Po wykonaniu nowe logi.
Gutek
(Gutek)
29 Grudzień 2006 23:17
#3
Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ
Pozdrawiam Gutek2222
Oto logi po opisanych przez Ciebie zabiegach:
Logfile of HijackThis v1.99.1 Scan saved at 12:12:12, on 2006-12-30 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\WINDOWS\System32\ctfmon.exe D:\Programy\Tlen.pl\tlen.exe C:\WINDOWS\system32\RaConfig.exe D:\Programy\Mozilla Firefox 2.0\firefox.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [avgnt] “D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Comodo Personal Firewall] D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart O4 - HKLM…\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM…\Run: [Name of App] D:\Programy\nagr\Liveupdate.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe O4 - HKCU…\Run: [NBJ] “D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe” O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sys … _EN_XP.cab O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/ … _EN_XP.cab O17 - HKLM\System\CCS\Services\Tcpip…{9759F774-A012-4E4C-A4B4-279406B4B4EA}: NameServer = 192.168.18.1,195.114.161.61 O18 - Filter: text/html - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O18 - Filter: text/plain - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programy\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Silent:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Komunikator” = “D:\Programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “NBJ” = ““D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “avgnt” = ““D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Comodo Personal Firewall” = “D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart” [“COMODO”] “Comodo Launch Pad Tray” = “C:\Program Files\Comodo\LaunchPad\CLPTray.exe” [“COMODO”] “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Programy\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler” -> {HKLM…CLSID} = “Corel Media Folder Root Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder” -> {HKLM…CLSID} = “Corel Media Find Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler” -> {HKLM…CLSID} = “Corel Media Folder Copy Hook Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*]” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFnd80.dll” [file not found] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“stera” [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/html\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] <> text/plain\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Dominik” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Messenger” “Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, “D:\Programy\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “D:\Programy\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Comodo Application Agent, CmdAgent, “D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe” [“COMODO”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\System32\UAService7.exe” [“Sony DADC Austria AG.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt05\Driver = “hpzsnt05.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 233 seconds. ---------- (total run time: 2387 seconds)
Dziwna sprawa, w awaryjnym jest napisane że na dysku C: jest 451 MB wolnej przestrzeni, gdy uruchomiłem w normalnym pokazuje, że jest 41 MB… Co jest?! Czyściłem już wszystko i wszystkim co się da i dalej marne efekty. Sytuacja jest trudna.
PS:Ten programik: “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] jest jak najbardziej mój. Pomocy
Złączono Posta : 30.12.2006 (Sob) 13:12
Oto logi po opisanych przez ciebie zabiegach:
Logfile of HijackThis v1.99.1 Scan saved at 12:12:12, on 2006-12-30 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\WINDOWS\System32\ctfmon.exe D:\Programy\Tlen.pl\tlen.exe C:\WINDOWS\system32\RaConfig.exe D:\Programy\Mozilla Firefox 2.0\firefox.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [avgnt] “D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Comodo Personal Firewall] D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart O4 - HKLM…\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM…\Run: [Name of App] D:\Programy\nagr\Liveupdate.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe O4 - HKCU…\Run: [NBJ] “D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe” O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sys … _EN_XP.cab O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/ … _EN_XP.cab O17 - HKLM\System\CCS\Services\Tcpip…{9759F774-A012-4E4C-A4B4-279406B4B4EA}: NameServer = 192.168.18.1,195.114.161.61 O18 - Filter: text/html - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O18 - Filter: text/plain - {F83BFB1A-51CC-4365-BF45-DB003230B159} - C:\WINDOWS\System32\binm.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programy\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Silent:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Komunikator” = “D:\Programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “NBJ” = ““D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “avgnt” = ““D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Comodo Personal Firewall” = “D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart” [“COMODO”] “Comodo Launch Pad Tray” = “C:\Program Files\Comodo\LaunchPad\CLPTray.exe” [“COMODO”] “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Programy\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler” -> {HKLM…CLSID} = “Corel Media Folder Root Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder” -> {HKLM…CLSID} = “Corel Media Find Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler” -> {HKLM…CLSID} = “Corel Media Folder Copy Hook Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*]” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFnd80.dll” [file not found] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“stera” [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/html\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] <> text/plain\CLSID = “{F83BFB1A-51CC-4365-BF45-DB003230B159}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\binm.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Dominik” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Messenger” “Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, “D:\Programy\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “D:\Programy\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Comodo Application Agent, CmdAgent, “D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe” [“COMODO”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\System32\UAService7.exe” [“Sony DADC Austria AG.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt05\Driver = “hpzsnt05.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 233 seconds. ---------- (total run time: 2387 seconds)
Dziwna sprawa, w awaryjnym jest napisane że na dysku C: jest 451 MB wolnej przestrzeni, gdy uruchomiłem w normalnym pokazuje, że jest 35 MB MB… Co jest?! Czyściłem już wszystko i wszystkim co się da i dalej marne efekty. Sytuacja jest trudna.
PS:Ten programik: “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] jest jak najbardziej mój. Pomocy
adam9870
(adam9870)
30 Grudzień 2006 12:18
#5
Usuń jeszcze ten plik w awaryjnym, a wpisy w hjt - przepraszam za małe niedopatrzenie.
Start >>> uruchom >>> regedit >>> Powinien otworzyć się edytor rejestru w którym przejdź do:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
Kliknij podwójnie na znajdującą nie tam wartość BootExecute i w okienku które się otworzy skasuj wszystko poza autocheck autochk *
Po wykonaniu nowe logi.
Zajrzyj tutaj:
http://forum.dobreprogramy.pl/viewtopic.php?t=119342&
Logfile of HijackThis v1.99.1 Scan saved at 15:26:39, on 2006-12-30 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe C:\Program Files\Comodo\LaunchPad\CLPTray.exe C:\WINDOWS\System32\ctfmon.exe D:\Programy\Tlen.pl\tlen.exe C:\WINDOWS\system32\RaConfig.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [avgnt] “D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Comodo Personal Firewall] D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart O4 - HKLM…\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM…\Run: [Name of App] D:\Programy\nagr\Liveupdate.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe O4 - HKCU…\Run: [NBJ] “D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz\odk_mcd.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O17 - HKLM\System\CCS\Services\Tcpip…{9759F774-A012-4E4C-A4B4-279406B4B4EA}: NameServer = 192.168.18.1,195.114.161.61 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programy\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programy\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Silent:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Komunikator” = “D:\Programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “NBJ” = ““D:\Programy\Nero Vision\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] “Odkurzacz-MCD” = “D:\Programy\Odkurzacz\odk_mcd.exe” [“Franmo Software”] “odk_mcd” = “(empty string)” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “avgnt” = ““D:\Programy\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Comodo Personal Firewall” = “D:\Programy\Comodo Firewall\Personal Firewall\CPF.exe sysrestart” [“COMODO”] “Comodo Launch Pad Tray” = “C:\Program Files\Comodo\LaunchPad\CLPTray.exe” [“COMODO”] “Name of App” = “D:\Programy\nagr\Liveupdate.exe” [" "] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Programy\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “D:\Programy\Free Download Manager 2.1 PL (Full)\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler” -> {HKLM…CLSID} = “Corel Media Folder Root Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder” -> {HKLM…CLSID} = “Corel Media Find Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler” -> {HKLM…CLSID} = “Corel Media Folder Copy Hook Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [file not found] “{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*d” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFnd80.dll” [file not found] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “D:\Programy\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Programy\WinRAR 3.61 pl\rarext.dll” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Dominik” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Messenger” “Exec” = “C:\Program Files\Messenger\MSMSGS.EXE” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, “D:\Programy\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “D:\Programy\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Comodo Application Agent, CmdAgent, “D:\Programy\Comodo Firewall\Personal Firewall\cmdagent.exe” [“COMODO”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\System32\UAService7.exe” [“Sony DADC Austria AG.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt05\Driver = “hpzsnt05.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 261 seconds. ---------- (total run time: 2706 seconds)
Oto nowe logi. Dalej większych efektów nie widać, ale wywalczyłem 40 mb. A to już coś! :mrgreen:
adam9870
(adam9870)
30 Grudzień 2006 15:39
#7
Czysto.
Proponuję przeczyścić rejestr ponieważ masz trochę pustych kluczy (opis ) oraz poczytać Optymalizacja i odchudzanie Windowsa XP .