I have a problem with a red, flashing icon that appears next to the clock and every so often tells me that my computer is infected. Ad-Aware, Spybot and other programs of that kind did not manage to remove it.
If anyone knows how to get rid of it, please help.
Below is my log; I don't know what to do with it, I'm not good with computers:
“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
“wininet.dll” = (empty string)
“kernel32.dll” = (empty string)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“SynTPLpr” = ““C:\Program Files\Synaptics\SynTP\SynTPLpr.exe”” [“Synaptics, Inc.”]
“SynTPEnh” = ““C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”” [“Synaptics, Inc.”]
“IgfxTray” = ““C:\WINDOWS\system32\igfxtray.exe”” [“Intel Corporation”]
“HotKeysCmds” = ““C:\WINDOWS\system32\hkcmd.exe”” [“Intel Corporation”]
“TPKMAPHELPER” = "“C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe " -helper” [“IBM Corp.”]
“TPHOTKEY” = ““C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe”” [null data]
“EZEJMNAP” = ““C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe”” [“IBM Corp.”]
“UC_Start” = ““C:\Program Files\IBM\Updater\ucstartup.exe”” [null data]
“BMMLREF” = ““C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE”” [null data]
“BMMMONWND” = "“rundll32.exe " C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor” [MS]
“AVGCtrl” = ““C:\Program Files\AVPersonal\AVGNT.EXE” /min” [“H+BEDV Datentechnik GmbH”]
“QCTRAY” = “C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE” [“IBM Corp.”]
“QCWLICON” = “C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE” [“IBM Corp.”]
“PRONoMgrWired” = ““C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe”” [“Intel® Corporation”]
“IBMPRC” = “C:\IBMTOOLS\UTILS\ibmprc.exe” [“IBM Corp.”]
“WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“HP Component Manager” = ““C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”” [“Hewlett-Packard Company”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [“HP”]
“HP Software Update” = ““C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”” [“Hewlett-Packard Company”]
“Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS]
“TpShocks” = ““TpShocks.exe”” [“IBM Corp.”]
“TP4EX” = ““tp4ex.exe”” [“IBM Corporation”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}(Default) = (no title provided)
-> {HKLM…CLSID} = “Nothing”
\InProcServer32(Default) = “C:\WINDOWS\system32\hpF1DC.tmp” [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”
-> {HKLM…CLSID} = “Portable Media Devices”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band”
-> {HKLM…CLSID} = “Shell Search Band”
\InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! “{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}” = “USB Mouse Driver”
-> {HKCU…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\suprox.dll” [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook”
-> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook”
\InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS]
INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard”
-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”]
INFECTION WARNING! QConGina\DLLName = “QConGina.dll” [“IBM Corp.”]
INFECTION WARNING! tphotkey\DLLName = “tphklock.dll” [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win(Default) = “{a7cda720-84ee-11d0-b5c0-00001b3ca278}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\AVPersonal\AVShlExt.DLL” [“H+BEDV Datentechnik GmbH”]
ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}”
-> {HKLM…CLSID} = “Ctest Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}”
-> {HKLM…CLSID} = “Ctest Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win(Default) = “{a7cda720-84ee-11d0-b5c0-00001b3ca278}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\AVPersonal\AVShlExt.DLL” [“H+BEDV Datentechnik GmbH”]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\1400 x 1050 IBM EMEA Map.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\D&GSCR~1.SCR” [file not found]
Startup items in “P_DGHMP” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]
Enabled Scheduled Tasks:
“MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]
“Przypomnienie o rejestracji 1” -> launches: “C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:1” [MS]
“Przypomnienie o rejestracji 2” -> launches: “C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:2” [MS]
“Przypomnienie o rejestracji 3” -> launches: “C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
Dormant Explorer Bars in “View, Explorer Bar” menu
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D1A4DEBD-C2EE-449F-B9FB-E8409F9A0BC5}\
“ButtonText” = “Software Installer”
“Exec” = “C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe” [“Lenovo Group Limited”]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
“{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
-> {HKLM…CLSID} = “Search Class”
\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
AntiVir Service, AntiVirService, ““C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE”” [“H+BEDV Datentechnik GmbH”]
AntiVir Update, AVWUpSrv, ““C:\Program Files\AVPersonal\AVWUPSRV.EXE”” [“H+BEDV Datentechnik GmbH, Germany”]
ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”]
ewido security suite guard, ewido security suite guard, “C:\Program Files\ewido anti-malware\ewidoguard.exe” [“ewido networks”]
IBM HDD APS Logging Service, TPHDEXLGSVC, “System32\TPHDEXLG.EXE” [“IBM Corporation”]
IBM KCU Service, TpKmpSVC, “C:\WINDOWS\system32\TpKmpSVC.exe” [null data]
IBM Rapid Restore Ultra Service, IBM Rapid Restore Ultra Service, ““C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe”” [empty string]
QCONSVC, QCONSVC, “System32\QCONSVC.EXE” [“IBM Corp.”]
SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”]
ThinkPad PM Service, IBMPMSVC, “C:\WINDOWS\system32\ibmpmsvc.exe” [“Lenovo.”]
Windows Defender Service, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt10\Driver = “hpzlnt10.dll” [“HP”]
- This report excludes default entries except where indicated.
- To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 309 seconds.
- The search for all Registry CLSIDs containing dormant Explorer Bars
took 31 seconds.
---------- (total run time: 403 seconds)