Nydagdok
(Bity)
22 Grudzień 2006 22:30
#1
Witam! Miałem ostatnio problemy z trojanem TR/Dldr.Agent.29697 i chyba się go do końca nie pozbyłem. Cały czas ma miejsce jakiś transfer, a firewall (outpost) wskazuje na dwa pliki wykonywalne antyvira (avira). Z góry dziękuję.
Logfile of HijackThis v1.99.1 Scan saved at 20:08:04, on 2006-12-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\PROGRA~1\Agnitum\Outpost\outpost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Updater.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O4 - HKLM…\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM…\Run: [NvMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\Outpost\outpost.exe /waitservice O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [iRiver Updater] \Updater.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 5428283954 O17 - HKLM\System\CCS\Services\Tcpip…{EF2DF0C2-7B3D-463E-800F-C164645C9C4B}: NameServer = 10.0.0.1,193.110.120.5,217.96.97.226,194.204.159.1,194.204.152.34 O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: rpccd - C:\WINDOWS\system32\rpccd.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\Outpost\outpost.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
adam9870
(adam9870)
22 Grudzień 2006 22:35
#2
Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.
Ściągasz program KillBox , zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:
C:\WINDOWS\system32\rpcc.dll
Klikasz X czerwony i restart kompa.
Zaznaczony folder usuń ręcznie z dysku w trybie awaryjnym natomiast wpisy w HijackThis.
Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners .
Nydagdok
(Bity)
22 Grudzień 2006 23:44
#3
Log z HiJacka
Logfile of HijackThis v1.99.1 Scan saved at 00:45:44, on 2006-12-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\PROGRA~1\Agnitum\Outpost\outpost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Updater.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe D:\hijackthis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM…\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM…\Run: [NvMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\Outpost\outpost.exe /waitservice O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [iRiver Updater] \Updater.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 5428283954 O17 - HKLM\System\CCS\Services\Tcpip…{EF2DF0C2-7B3D-463E-800F-C164645C9C4B}: NameServer = 10.0.0.1,193.110.120.5,217.96.97.226,194.204.159.1,194.204.152.34 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\Outpost\outpost.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
rpcc wciąż jakby aktualny
Loga z SIlentrunners nie mogę na razie zrobić, gdyż nie mam dostępu do hosta skryptów i nie wiem, jak to zmienić.
Gutek
(Gutek)
22 Grudzień 2006 23:53
#4
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa
Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ
Pozdrawiam Gutek2222
Jak masz problem z Silentaem poczytaj - http://www.searchengines.pl/phpbb203/in … opic=15989
Nydagdok
(Bity)
24 Grudzień 2006 10:00
#5
Witam! Oto log z silentrunners:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “LogitechSoftwareUpdate” = ““C:\Program Files\Logitech\Video\ManifestEngine.exe” boot” [“Logitech Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MsmqIntCert” = “regsvr32 /s mqrt.dll” [MS] “NvMixerTray” = ““C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”” [“NVIDIA Corporation”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “(Default)” = “(empty string)” [file not found] “Norton Ghost 9.0” = “C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe” [file not found] “Outpost Firewall” = “C:\PROGRA~1\Agnitum\Outpost\outpost.exe /waitservice” [“Agnitum”] “Logitech Hardware Abstraction Layer” = “KHALMNPR.EXE” [“Logitech Inc.”] “avgnt” = ““C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “iRiver Updater” = “\Updater.exe” [file not found] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] “LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Logitech Inc.”] “LogitechVideoRepair” = "C:\Program Files\Logitech\Video\ISStart.exe " [“Logitech Inc.”] “LogitechVideoTray” = “C:\Program Files\Logitech\Video\LogiTray.exe” [“Logitech Inc.”] “VGAUtil” = “C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [empty string] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0000CC75-ACF3-4cac-A0A9-DD3868E06852}(Default) = (no title provided) -> {HKLM…CLSID} = “DAPHelper Class” \InProcServer32(Default) = “C:\Program Files\DAP\DAPBHO.dll” [“Speedbit Ltd.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{D3796116-94D3-4009-96D7-51578411CC7D}” = “Outpost Shell Extension” -> {HKLM…CLSID} = “oshdlr.ShellHandler” \InProcServer32(Default) = “C:\PROGRA~1\Agnitum\Outpost\oshdlr.dll” [“Agnitum Ltd.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{609D111E-13F4-40d5-A87D-AFB3B63FE6FE}” = “AviInfo ShellExt” -> {HKLM…CLSID} = “AviInfo ShellExt” \InProcServer32(Default) = “C:\WINDOWS\system32\AviInfoShell.dll” [“Starsoft”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures” -> {HKLM…CLSID} = “My Logitech Pictures” \InProcServer32(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll” [“Logitech Inc.”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“OODBS” [“O&O Software GmbH”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] AviInfoMenu(Default) = “{609D111E-13F4-40d5-A87D-AFB3B63FE6FE}” -> {HKLM…CLSID} = “AviInfo ShellExt” \InProcServer32(Default) = “C:\WINDOWS\system32\AviInfoShell.dll” [“Starsoft”] Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] TheCleaner(Default) = “{2DE506B9-4320-11d3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\Program Files\The Cleaner\tcshellex.dll” [“MooSoft Development”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] TheCleaner(Default) = “{2DE506B9-4320-11D3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\Program Files\The Cleaner\tcshellex.dll” [“MooSoft Development”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”] TheCleaner(Default) = “{2DE506B9-4320-11D3-8E42-002035221EDA}” -> {HKLM…CLSID} = “The Cleaner” \InProcServer32(Default) = “C:\Program Files\The Cleaner\tcshellex.dll” [“MooSoft Development”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in “Bity” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Logitech SetPoint” -> shortcut to: “C:\Program Files\Logitech\SetPoint\SetPoint.exe” [“Logitech Inc.”] Enabled Scheduled Tasks: ------------------------ “Symantec Drmc” -> launches: “C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {669695BC-A811-4A9D-8CDF-BA8C795F261C}\ “ButtonText” = “Run DAP” “Exec” = “C:\PROGRA~1\DAP\DAP.EXE” [“Speedbit Ltd.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Service, AntiVirService, “C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”] AntiVir Scheduler, AntiVirScheduler, “C:\Program Files\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”] Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]} Message Queuing, MSMQ, “C:\WINDOWS\system32\mqsvc.exe” [MS] Message Queuing Triggers, MSMQTriggers, “C:\WINDOWS\system32\mqtgsvc.exe” [MS] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] O&O Defrag, O&O Defrag, “C:\WINDOWS\system32\oodag.exe” [“O&O Software GmbH”] Outpost Firewall Service, OutpostFirewall, “C:\PROGRA~1\Agnitum\Outpost\outpost.exe /service” [“Agnitum”] Symantec Core LC, Symantec Core LC, “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Symantec SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor 2 języka BJ\Driver = “CNBJMON2.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 51 seconds. ---------- (total run time: 110 seconds)
Sorki za temat, ale tak to jest z “nowymi”. Widzi człowiek, że wielu tak ma, to chyba znaczy, że tak jest ok. A jednak nie.
Pozdrawiam!
Bieniol
(Bbieniol)
24 Grudzień 2006 10:24
#6
Czysto
Przeczyść rejestr (polecam do tego jv16 PowerTools ), zrób defragmentację, oraz przejrzyj: Optymalizacja XP
Wejdź: Start -> uruchom -> msconfig i w zakładce uruchamianie odznacz (według Ciebie) niepotrzebne przy autostarcie programy
Monczkin
(Monczkin)
24 Grudzień 2006 12:01
#7
Nydagdok byłeś proszony o coś przez moderatora - za chwilę temat wyleci do kosza.
Nydagdok
(Bity)
26 Grudzień 2006 18:02
#8
Dziękuję pięknie za helpa! Pozdrawiam!