Dostaję wiadomości na gg, wciągany jestem na konferencje

piotrekplay · 15 Styczeń 2007 18:55

ostatnio mam dziwną przypadłość otóż używam tlenu, lecz przez sieć gg zostaje wciągany na jakieś konferencje, później dostaje wiadomości typu “kim jesteś” od różnych numerów a nawet tych co mam na liście kontaktów i oni mnie mają na swoich listach. Gdy się ich pytałem czy coś wysyłali każdy zaprzeczał i nie widział o co biega. Używam Firefoxa 2.0 i najnowszej testowej wersji tlenu. Mój kolega również dostaje wiadomości od różnych numerów, a jest to troszkę wkurzające, gdyż w kilka minut można dostać 15-20 takich głupich pytań.

Daje logi:

Logfile of HijackThis v1.99.1

Scan saved at 19:51:40, on 2007-01-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Documents and Settings\Piotrek\Pulpit\Różne\Programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dragonballrw.yoyo.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\System32\safeie.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Not found - C:\Program Files\WellGet\nxcatch.htm

O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156167845436

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F42C65-42B8-4FBF-ADB3-6DAEFDAF5477}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"PowerBar" = (empty string)

"RocketDock" = ""C:\Program Files\RocketDock\RocketDock.exe"" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]

{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"

  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" ["MegaUpload"]

{B5D4581D-ED6A-4905-A267-25BAF7BE79C1}\(Default) = "SafeIE Utility"

  -> {HKLM...CLSID} = "FiltrateIE Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\safeie.dll" [empty string]

{bf00e119-21a3-4fd1-b178-3b8537e75c92}\(Default) = "Mega Manager IE Click Monitor"

  -> {HKLM...CLSID} = "IeMonitorBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll" ["Megaupload Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{A02DEEEB-DD87-4a4f-8F2E-B633A59BA18A}" = "Private Folder Copyhook Extention"

  -> {HKLM...CLSID} = "Private Folder"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Private Folder 1.0\ShellExt.dll" [MS]

"{3B153CB3-A551-4fe6-A68B-F5C96650FF39}" = "Private Folder Copyhook Extention"

  -> {HKLM...CLSID} = "Private Folder"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Private Folder 1.0\ShellExt.dll" [MS]

"{78237F62-8EC8-438C-83B0-1DECB4303076}" = "Private Folder FSFolder Extention"

  -> {HKLM...CLSID} = "My Private Folder"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Private Folder 1.0\ShellExt.dll" [MS]

"{B0FAF2DA-13EA-41CA-A62F-850DC01D1C01}" = "Private Folder Shortcut Extention"

  -> {HKLM...CLSID} = "My Private Folder"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Private Folder 1.0\ShellExt.dll" [MS]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  -> {HKLM...CLSID} = "ShellLink for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"

  -> {HKLM...CLSID} = "QIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}" = "Notepad++ Shell Extension"

  -> {HKLM...CLSID} = "Notepad++ Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]

"{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1"

  -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS]

"{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1"

  -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS]

"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"

  -> {HKLM...CLSID} = "SidebarIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"

  -> {HKLM...CLSID} = "Portable Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]

"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"

  -> {HKLM...CLSID} = "Portable Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

  -> {HKLM...CLSID} = "MCPShellInstantiator Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" ["Stardock"]

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! MCPClient\DLLName = "C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll" ["Stardock"]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

NppShellExt\(Default) = "{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}"

  -> {HKLM...CLSID} = "Notepad++ Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

NppShellExt\(Default) = "{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}"

  -> {HKLM...CLSID} = "Notepad++ Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppshellext.dll" ["Notepad++ team"]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Piotrek" & "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\Piotrek\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Yahoo! Widget Engine" -> shortcut to: "C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"

  -> {HKLM...CLSID} = "Pasek poleceń Microsoft"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" ["MegaUpload"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL" ["MegaUpload"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{09FE188B-6E85-479E-9411-51FB2220DF80}\

"ButtonText" = "Subscribe in Desktop Sidebar"

"MenuText" = "Subscribe in Desktop Sidebar"

"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"

  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]


{35980F6E-A258-4E50-953D-813BB8556899}\

"ButtonText" = "WellGet"

"Exec" = "C:\Program Files\WellGet\WellGet.exe" [empty string]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 32 seconds, including 2 seconds for message boxes)

Gutek · 15 Styczeń 2007 19:08

To nie wina syfu, jest Ok

bartus2003 · 15 Styczeń 2007 19:18

To wina tego kto tworzy konferencję GG, przejdź się do niego i mu powiedz co o tym myślisz :x :x :lol: :x :lol:

piotrekplay · 15 Styczeń 2007 19:24

z chęcią ale nie wiem gdzie mieszka xD nie ma go w katalogu :?

bartus2003 · 15 Styczeń 2007 19:26

Hmm to go zablokuj albo coś, jak tworzy konwerencję z tobą to musi cię znać jak cię ma na liście…

piotrekplay · 15 Styczeń 2007 19:28

heheh zablokowałem już go zrobiłem to najpierw a później jeszcze ze 30 numerów gg za głupie pytania “kim jesteś?” xD

radekskl · 15 Styczeń 2007 19:34

heh ale tego niesttety nie dojdzie - w tlenie zamiast numeru pojawia sie napis “konferencja gg”. Mialem to samo - najpierw wyskakuje konfencja(z 50 osob chyba nawet ci co nie sa na gg)a za chwile z 15 osob do mnie - co chesz? ktos ty? mimo ze nikogo z nich nei znam. Dogadalem sie z jednym gosciem, nasza rozmowa wygladala tak:

17:40:16 GG# xxxxxx 

?kto ty?

17:41:20 (moj nick) (GG #xxxxxx)

eee no wlasnie chce sie czegos dowiedziec - dostales cos ode mnie ze sie odzywasz? bo jakichs 15 numerow sie odzywa co ich nei znam

17:40:57 GG# 6255045 

nie

17:42:01 (moj nick) (GG #xxxxxx)

wiec z jakiej paki sie odzywasz?

17:41:32 GG# xxxxxx 

ja do ciebie nie pisalem

17:42:34 (moj nick) (GG #xxxxxx)


"?kto ty?" a to co niby


17:41:52 GG# xxxxxx

no bo ty do mnie takie cos 


(moj gg) 17:05:33

?


17:43:03 (moj nick) (GG #xxxxxx)

lol jakis smiec albo ja mam albo ty

17:43:11 (moj nick) (GG #xxxxxx)

rozszyla wiadomosci na gg ludziom

17:43:20 (moj nick) (GG #xxxxxx)

juz z 15 osoba sie odzywa

Heh i co wy na to? wbijam na tlena a tu 15 kontaktow z poza listy sie mnie pyta co chce. Troszke denerwujace - moj kumpel tez tak ma. mam nadzieje ze szybko bedzie jakas latka czy cos. Nie macie pomyslu jak sie tego pozbyc/zablokowac? Avast full scan - nic, Ad-avare - czysto, logi z hijacka - czyste. Jeszcze cos sprawdzic?

bartus2003 · 15 Styczeń 2007 20:14

No bo używacie tlena… czy wy nie kapujecie stanu rzeczy??

Zróbcie to samo na GG to nikt was nie zapyta czego chcecie ani kim jesteście… 8)

piotrekplay · 15 Styczeń 2007 20:32

nie za gg podziękuję… nie podoba mi się ten komunikator i żre pamięć… i problemy z update.tmp eee wolę tlenika… co dziwne nie rozsyłane jest to przez seć tlena tylko przez gg więc tlen nic do tego nie ma

radekskl · 16 Styczeń 2007 15:09

heh no wlasnie - to raczej wino protoolu gg ale myslalem ze ktos sie wypowie co z tym fantem zrobic (pomijajjac wypowiedzi w stylu zainstalowac gg, aqq i takie tam albo nie uzywac komunikatorow). Milo by bylo jkaby ktos na powaznie cos doradzil