Nie chce zapeszać… ale po Twoich radach, system wygląda już dużo “ładniej” :D…
HiJack:
Logfile of HijackThis v1.99.1
Scan saved at 16:46:29, on 2007-01-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\cleanmgr.exe
F:\WINDOWS\explorer.exe
X:\Piter\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVMenu] F:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [ArcaCheck] F:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
O4 - HKLM\..\Run: [abregmon] F:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "X:\Piter\daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WheelMouse] F:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [VoipDiscount] "X:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Microsoft Location Finder] "F:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Server4PC.lnk = F:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz używając Download &Express'a - F:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O20 - Winlogon Notify: TS_LogonListener - F:\WINDOWS\SYSTEM32\TS_LogonListener.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - F:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - F:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - F:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit sp. z o.o. - F:\Program Files\ArcaBit\Common\TaskScheduler.exe
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - ArcaBit - F:\Program Files\ArcaBit\ArcaVir\AvMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - V:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - X:\Piter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - v:\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - V:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Silent Runners:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "F:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""F:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Steam" = ""f:\program files\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"VoipDiscount" = ""X:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized" [file not found]
"Start WingMan Profiler" = "(empty string)" [file not found]
"Microsoft Location Finder" = ""F:\Program Files\Microsoft Location Finder\LocationFinder.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"none" = "F:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Ptipbmf" = "rundll32.exe ptipbmf.dll,SetWriteCacheMode" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVMenu" = "F:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" ["ArcaBit"]
"ArcaCheck" = "F:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup" ["ArcaBit"]
"abregmon" = "F:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" ["ArcaBit"]
"SunJavaUpdateSched" = ""F:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NWEReboot" = "(empty string)" [file not found]
"NeroFilterCheck" = "F:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"PinnacleDriverCheck" = "F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"HP Software Update" = "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"DAEMON Tools" = ""X:\Piter\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"WheelMouse" = "F:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"ISUSPM Startup" = ""F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"MSConfig" = "F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "F:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "F:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "F:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D7824897-C8DC-49b4-B790-30F7ED16A5FD}" = "ArcaVir Shell Extension"
-> {HKLM...CLSID} = "ArcaVir Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "F:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "F:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "F:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Studio.Project"
\InProcServer32\(Default) = "V:\program\programs\BlueShellExt.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "F:\WINDOWS\system32\Audiodev.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "F:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "F:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "F:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> TS_LogonListener\DLLName = "TS_LogonListener.dll" ["ArcaBit sp. z o.o."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "F:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ArcaVirShell\(Default) = "{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"
-> {HKLM...CLSID} = "ArcaVir Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ArcaVirShell\(Default) = "{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"
-> {HKLM...CLSID} = "ArcaVir Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
HKCU\Software\Classes\.scr\(Default) = "DWGTrueViewScriptFile"
<> HKCU\Software\Classes\DWGTrueViewScriptFile\shell\open\command\(Default) = ""F:\WINDOWS\system32\notepad.exe" "%1"" [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "F:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "F:\WINDOWS\system32\logon.scr" [MS]
Startup items in "dom" & "All Users" startup folders:
-----------------------------------------------------
F:\Documents and Settings\dom\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Sonic CinePlayer Quick Launch" -> shortcut to: "F:\Program Files\Common Files\Sonic Shared\cinetray.exe" ["Sonic Solutions"]
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone - szybkie uruchamianie" -> shortcut to: "F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Server4PC" -> shortcut to: "F:\Program Files\TechniSat DVB\bin\Server4PC.exe" ["B2C2, Inc."]
Enabled Scheduled Tasks:
------------------------
"HPpromotions journeysoftware" -> launches: "F:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "F:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "F:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "F:\Program Files\Messenger\msmsgs.exe" [MS]
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------
.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
Adobe LM Service, Adobe LM Service, ""F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"" ["Adobe Systems"]
ArcaBit NetMonitor, ABNetMon, "F:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe" ["ArcaBit"]
ArcaBit.Core.Configurator, ArcaBit.Core.Configurator, ""F:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe"" ["ArcaBit"]
ArcaBit.Core.LoggingService, ArcaBit.Core.LoggingService, ""F:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe"" ["ArcaBit"]
ArcaBit.TaskScheduler, ArcaBit.TaskScheduler, "F:\Program Files\ArcaBit\Common\TaskScheduler.exe" ["ArcaBit sp. z o.o."]
ArcaVir Antivirus Monitor Service, ArcaVirMonitor, "F:\Program Files\ArcaBit\ArcaVir\AvMon.exe" ["ArcaBit"]
ASP.NET State Service, aspnet_state, "F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [MS]
Ati HotKey Poller, Ati HotKey Poller, "F:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ATI Smart, ATI Smart, "F:\WINDOWS\system32\ati2sgag.exe" [empty string]
Karta wydajności WMI, WmiApSrv, "F:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
MSSQL$PINNACLESYS, MSSQL$PINNACLESYS, ""V:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS" [MS]
MSSQLServerADHelper, MSSQLServerADHelper, ""F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"" [MS]
NetLimiter, nlsvc, ""X:\Piter\NetLimiter 2 Pro\nlsvc.exe"" ["Locktime Software"]
Office Source Engine, ose, ""F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
Pinnacle Systems Media Service, PinnacleSys.MediaServer, "v:\pinnacle\shared files\programs\mediaserver\pmshost.exe" [null data]
Pml Driver HPZ12, Pml Driver HPZ12, "F:\WINDOWS\system32\HPZipm12.exe" ["HP"]
SQLAgent$PINNACLESYS, SQLAgent$PINNACLESYS, ""V:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS" [MS]
StarWind iSCSI Service, StarWindService, "F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Usługa administracyjna Menedżera dysków logicznych, dmadmin, "F:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Usługa dostarczania sieci, xmlprov, "F:\WINDOWS\System32\svchost.exe -k netsvcs" {"F:\WINDOWS\System32\xmlprov.dll" [MS]}
Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, "F:\WINDOWS\System32\svchost.exe -k netsvcs" {"F:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "F:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 8 seconds.
---------- (total run time: 36 seconds)
Rapport:
SmitFraudFix v2.132
Scan done at 16:32:33,70, 2007-01-20
Run from X:\Piter\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
F:\DOCUME~1\dom\Ulubione\Online Security Test.url Deleted
F:\Program Files\Video ActiveX Object\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End[/code]
To chyba jest to.