The Silent Runners one will be done in a moment.
27.11.2006 15:07:37 - ##### check started #####
27.11.2006 15:07:37 - ### Version: 1.4
27.11.2006 15:07:37 - ### Date: 2006-11-27 15:07:37
27.11.2006 15:07:38 - ##### checking bots #####
27.11.2006 15:14:06 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings
27.11.2006 15:18:30 - ##### checking usage tracking #####
27.11.2006 15:18:30 - found: Common Dialogs History 4 files
27.11.2006 15:18:31 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wbemprox.log System32\wbem\logs\wbemprox.log
27.11.2006 15:18:31 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log
27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Browser directory
27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Working directory
27.11.2006 15:18:31 - found: Ahead Nero Burning Rom Last ISO directory
27.11.2006 15:18:32 - found: Internet Explorer Download directory
27.11.2006 15:18:32 - found: MS Management Console Recent command list 1 file
27.11.2006 15:18:32 - found: MS Media Player Recent file list 1 file
27.11.2006 15:18:33 - found: MS Media Player Anonymous ID
27.11.2006 15:18:33 - found: MS Direct3D Most recent application
27.11.2006 15:18:33 - found: MS DirectDraw Most recent application
27.11.2006 15:18:34 - found: MS Office 11.0 (Excel) Recent file list 1 file
27.11.2006 15:18:34 - found: MS Office 11.0 (Word) Recent file list
27.11.2006 15:18:34 - found: MS Regedit Recent open key
27.11.2006 15:18:34 - found: MS Search Assistant Typed search terms history
27.11.2006 15:18:35 - found: Windows.OpenWith Open with list - .BMP extension 4 files
27.11.2006 15:18:35 - found: Windows Explorer Recent wallpaper list 501 files
27.11.2006 15:18:35 - found: Windows Explorer Stream history 4 files
27.11.2006 15:18:35 - found: Windows Explorer User Assistant history IE 6 files
27.11.2006 15:18:35 - found: Windows Explorer User Assistant history files 64 files
27.11.2006 15:18:36 - found: Windows Explorer Last visited history 2 files
27.11.2006 15:18:36 - found: Windows Explorer Recent file global history
27.11.2006 15:18:36 - found: Windows Media SDK Computer name
27.11.2006 15:18:36 - found: Windows Media SDK Computer name
27.11.2006 15:18:36 - found: Windows Media SDK Computer name
27.11.2006 15:18:36 - found: Windows Media SDK Unique ID
27.11.2006 15:18:36 - found: Windows Media SDK Volume serial number
27.11.2006 15:18:36 - found: WinRAR Last used directory
27.11.2006 15:18:36 - found: Cookie Cookie (23)
27.11.2006 15:18:36 - found: Cache Cache (950)
27.11.2006 15:18:37 - ##### check finished #####
— Report generated: 2006-11-27 15:18 —
Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Common Dialogs: History (4 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=
Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=
Ahead Nero Burning Rom: Last ISO directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\ahead\Nero - Burning Rom\General\OFDLastISODir!=
Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Internet Explorer\Download Directory!=
MS Management Console: Recent command list (1 file) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: Recent file list (1 file) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=
MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=
MS Office 11.0 (Excel): Recent file list (1 file) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=
MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Search Assistant\ACMru
Windows.OpenWith: Open with list - .BMP extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: Stream history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history files (64 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1275210071-1614895754-1801674531-1003\Software\WinRAR\General\LastFolder!=
Cookie: Cookie (23) (Cookie, nothing done)
Cache: Cache (950) (Cache, nothing done)
— Spybot - Search & Destroy version: 1.4 (build: 20050523) —
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-24 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-24 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-11-24 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-24 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-24 Includes\PUPSC.sbi (*)
2006-11-24 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-24 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-24 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-11-24 Includes\Trojans.sbi (*)
2006-11-24 Includes\TrojansC.sbi (*)
Post merged: 27.11.2006 (Mon) 16:29
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Windows Registry Repair Pro" = "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"KAVWks50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [file not found]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [file not found]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
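Silent Runners tags every autostart item with what it found at the target: [MS] for a Microsoft binary, ["Vendor"] from the file's version information, or [file not found] when the path no longer resolves (three such entries appear in the log above: the Windows Registry Repair Pro Run entry, deskpan.dll and rarext.dll), and it prefixes hook points that deserve a second look with <<!>>. Orphaned entries are usually uninstall leftovers, but Explorer and the logon sequence still try to load them, so they are the first thing to clear. The Python below is an added example written for this page, not code from the thread or from Silent Runners itself: it parses log text in that format into one record per registered item (key, name, resolved path, vendor tag, CLSID title) and sorts out the orphaned, flagged and vendor-less entries. The sample lines are copied from the log above; the `Entry`, `parse_silent_runners` and `triage` names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the Silent Runners log above, in
# exactly the shape the script prints them (key header, then its entries).
SAMPLE_LOG = r'''
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Windows Registry Repair Pro" = "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"KAVWks50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32(Default) = "deskpan.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
'''

NOTABLE = '<<!>>'
KEY_RE = re.compile(r'^HK[A-Z_]+\\.*\\(?: \{\+\+\})?$')          # "HKLM\...\Run\ {++}"
TAG_RE = re.compile(r' \[([^\[\]]*)\]$')                          # trailing [MS] / ["Vendor"] / [file not found]
ENTRY_RE = re.compile(r'^(?:"(?P<qname>[^"]+)"|(?P<name>\S+)) = '
                      r'(?:"(?P<value>.*)"|\(no title provided\))$')
CLSID_RE = re.compile(r'^-> \{HKLM\.\.\.CLSID\} = (?:"(?P<title>.*)"|\(no title provided\))$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|cpl|ocx|scr|vbs|bat|cmd))(?=\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    key: str                      # registry key the item was listed under
    name: str                     # value name, CLSID or handler name
    value: str = ''               # data as printed (InProcServer32 path for COM items)
    path: str = ''                # executable or DLL extracted from value
    tag: str = ''                 # MS, "Vendor", file not found, ... ('' if none)
    notable: bool = False         # line carried the <<!>> marker
    clsid_title: Optional[str] = None

    @property
    def orphaned(self) -> bool:
        return self.tag == 'file not found'

    @property
    def vendor(self) -> Optional[str]:
        if self.tag == 'MS':
            return 'Microsoft'
        if len(self.tag) > 1 and self.tag[0] == self.tag[-1] == '"':
            return self.tag[1:-1]
        return None


def _exe_path(value: str) -> str:
    """Strip arguments: a quoted path ends at the closing quote, a bare one at .exe/.dll."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value
    m = EXE_RE.match(value)
    return m.group(1) if m else value


def parse_silent_runners(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key, current = '', None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line):
            key, current = line.replace(' {++}', '').rstrip('\\'), None
            continue
        m = CLSID_RE.match(line)
        if m and current is not None:
            current.clsid_title = m.group('title')
            continue
        notable = line.startswith(NOTABLE)
        if notable:
            line = line[len(NOTABLE):].strip()
        tag_m = TAG_RE.search(line)
        body, tag = (line[:tag_m.start()], tag_m.group(1)) if tag_m else (line, '')
        m = ENTRY_RE.match(body)
        if not m:
            continue
        name, value = m.group('qname') or m.group('name'), m.group('value') or ''
        if name.startswith('\\InProcServer32') and current is not None:
            # The COM server line names the DLL that actually gets loaded.
            current.value, current.path, current.tag = value, _exe_path(value), tag
            continue
        current = Entry(key, name, value, _exe_path(value), tag, notable)
        entries.append(current)
    return entries


def triage(text: str) -> dict:
    """Group parsed items the way a log reviewer reads them."""
    entries = parse_silent_runners(text)

    def rows(pred):
        return [(e.key, e.name, e.path) for e in entries if pred(e)]

    return {'orphaned': rows(lambda e: e.orphaned),
            'notable': rows(lambda e: e.notable),
            'no_vendor': rows(lambda e: not e.orphaned and e.vendor is None)}


if __name__ == '__main__':
    for group, items in triage(SAMPLE_LOG).items():
        print(group)
        for k, n, p in items:
            print(f'  {n} -> {p}   ({k})')
```

Feed it a whole Silent Runners log and the `orphaned` list is what to remove, `notable` is what to identify by DLL vendor, and `no_vendor` (binaries with no version information, which is common for droppers) is what to submit for a second opinion.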
Post merged: 27.11.2006 (Mon) 16:45
And I apologize for how long it took to send these logs. Unfortunately, my PC got terribly worn out by it. From what I have noticed, both Ad-Aware SE Personal and ewido anti-spyware still show, every other day, an infection by files such as: tradedoubler, mediaplex, trojan.win32.tz, and occasionally (twice now in the last two weeks) they find need2find and virusbursta.
Thanks for any help, and if so, where can I send a voluntary donation for the help provided?
Post merged: 27.11.2006 (Mon) 17:48
ewido anti-spyware - Scan Report
C:\Documents and Settings\john\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
::Report end
Post merged: 27.11.2006 (Mon) 21:41
So will my computer run normally, or is there no chance of doing anything with it anymore?
What else should I scan it with so that someone can tell me what to do?