Witam.
Mam taki problem, coraz częściej dostaję zwrot rzekomo z mojego konta wysłanych maili zawierających oczywiście spam. Konto mam na serwerze linuxpl.com hostującym moją stronę, w sumie konto utworzone mam tylko jedno, inne typu abuse@ webmaster@ admin@ postmaster@ czy coś, są tylko aliasami.
Mam w Thunderbirdzie skonfigurowane trzy konta - jedno to opisane powyżej, jedno na wp.pl i jedno na gmail.com. Zwroty przychodzą tylko z tego mojego konta (możliwe, że z wp.pl też się coś zdarzyło, ale nie pamiętam).
Używam Avasta i Kerio ale problem chyba leży po stronie jakiegoś ustrojstwa na kompie.
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:35:34, on 2006-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\prog\Avast4\ashDisp.exe
C:\Program Files\Common Files\{789B29A6-07E3-1045-0108-040504100030}\Update.exe
C:\prog\StatBar\StatBar.exe
C:\prog\TK8 EasyNote 1.1\EasyNote.exe
C:\prog\No-IP\DUC20.exe
C:\WINDOWS\system32\devldr32.exe
C:\prog\Avast4\aswUpdSv.exe
C:\prog\Avast4\ashServ.exe
C:\prog\Diskeeper\DkService.exe
C:\prog\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\prog\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\prog\Avast4\ashMaiSv.exe
C:\prog\Avast4\ashWebSv.exe
C:\prog\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\prog\INTERIAPL\Stefan\Stefan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ajantis\Pulpit\dzwonek.exe
C:\prog\Mozilla Firefox\firefox.exe
C:\prog\Thunderbird\thunderbird.exe
F:\software\Total Commander\TOTALCMD\TOTALCMD\totalcmd.exe
C:\Documents and Settings\Ajantis\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\prog\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\prog\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{389B29A6-07E3-1045-0108-040504100030}\MyToolBar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{389B29A6-07E3-1045-0108-040504100030}\MyToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\prog\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\prog\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [StatBar] C:\prog\StatBar\StatBar.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Startup: No-IP DUC.lnk = C:\prog\No-IP\DUC20.exe
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\prog\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\prog\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\prog\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\prog\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\prog\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\prog\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\prog\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C53DDB2-B2CB-4168-943E-9008E2A9C65D}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\prog\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\prog\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\prog\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\prog\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\prog\Diskeeper\DkService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\prog\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\prog\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Silent runners
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{789B29A6-07E3-1045-0108-040504100030}" = ""C:\Program Files\Common Files\{789B29A6-07E3-1045-0108-040504100030}\Update.exe" te-110-12-0000073" [null data]
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"StatBar" = "C:\prog\StatBar\StatBar.exe" ["Globe Software"]
"Update Service" = "C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup" ["Teknum Systems AS"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\prog\Avast4\ashDisp.exe" [null data]
"DiskeeperSystray" = ""C:\prog\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\prog\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\prog\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C004DEC2-2623-438e-9CA2-C9043AB28508}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ToolBar888"
\InProcServer32\(Default) = "C:\Program Files\Common Files\{389B29A6-07E3-1045-0108-040504100030}\MyToolBar.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler"
-> {HKLM...CLSID} = "EditPlus Context Menu Handler"
\InProcServer32\(Default) = "C:\prog\EditPlus 2\eppshell.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\prog\WinRAR\rarext.dll" [null data]
"{A0752120-6D75-D111-B5B1-0800095A2318}" = "HandyBits EasyCrypto Shell Extensions"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\prog\Avast4\ashShell.dll" ["ALWIL Software"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\prog\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\prog\TuneUp Utilities 2004\sdshelex.dll"" ["TuneUp Software GmbH"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\prog\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\prog\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\prog\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\prog\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\prog\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\prog\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\prog\Avast4\ashShell.dll" ["ALWIL Software"]
ContMenu\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = " "
\InProcServer32\(Default) = "C:\prog\AnyReader\contmenu.dll" [null data]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]
EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}"
-> {HKLM...CLSID} = "EditPlus Context Menu Handler"
\InProcServer32\(Default) = "C:\prog\EditPlus 2\eppshell.dll" [null data]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\prog\TuneUp Utilities 2004\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\prog\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ContMenu\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = " "
\InProcServer32\(Default) = "C:\prog\AnyReader\contmenu.dll" [null data]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\prog\TuneUp Utilities 2004\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\prog\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\prog\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\prog\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ajantis\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Ajantis" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\Ajantis\Menu Start\Programy\Autostart
"No-IP DUC" -> shortcut to: "C:\prog\No-IP\DUC20.exe" ["Vitalwerks LLC"]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"TK8 EasyNote 1.1" -> shortcut to: "C:\prog\TK8 EasyNote 1.1\EasyNote.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\prog\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\prog\NetLimiter\nl_lsp.dll [null data], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{C004DEC2-2623-438E-9CA2-C9043AB28508}"
-> {HKLM...CLSID} = "ToolBar888"
\InProcServer32\(Default) = "C:\Program Files\Common Files\{389B29A6-07E3-1045-0108-040504100030}\MyToolBar.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{6932D140-ABC4-4073-A44C-D4A541665E35}" = "ImageShack Toolbar"
-> {HKLM...CLSID} = "ImageShack Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll" ["ImageShack Corp."]
"{C004DEC2-2623-438E-9CA2-C9043AB28508}" = (no title provided)
-> {HKLM...CLSID} = "ToolBar888"
\InProcServer32\(Default) = "C:\Program Files\Common Files\{389B29A6-07E3-1045-0108-040504100030}\MyToolBar.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\prog\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{04849C74-016E-4A43-8AA5-1F01DE57F4A1}\
"ButtonText" = "Trace"
"MenuText" = "VisualRoute Trace"
"CLSIDExtension" = "{8C85E2EE-9FD6-11D5-B770-504D54C10000}"
-> {HKLM...CLSID} = "vrie"
\InProcServer32\(Default) = "C:\prog\VisualRoute\vrie.dll" ["VisualWare"]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_08"
\InProcServer32\(Default) = "C:\prog\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_08"
\InProcServer32\(Default) = "C:\prog\Java\jre1.5.0_08\bin\npjpi150_08.dll" ["Sun Microsystems, Inc."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [file not found]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\prog\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\prog\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\prog\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\prog\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Diskeeper, Diskeeper, "C:\prog\Diskeeper\DkService.exe" ["Diskeeper Corporation"]
MySql, MySql, "c:\usr/MYSQL/bin/mysqld.exe" [null data]
Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\prog\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
VMware Authorization Service, VMAuthdService, "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
VMware Virtual Mount Manager Extended, vmount2, ""C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"" ["VMware, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 315 seconds.
---------- (total run time: 527 seconds)
Bardzo byłbym wdzięczny gdyby ktoś rzucił na to okiem .