Proszę o sprawdzenie loga
Bardzo proszę o sprawdzenie loga
Logfile of HijackThis v1.99.1
Scan saved at 12:29:12, on 2006–01–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANNA\USTAWI~1\Temp\Rar$EX00.610\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wpisz własny tekst który ukaźe się na belce Internet Explorera
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: 23:00 2006–01–22#
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135237774578
O16 – DPF: {EB387D2F–E27B–4D36–979E–847D1036C65D} (QDiagHUpdateObj Class) – http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 – Service: AVK Service (AVKService) – Unknown owner – C:\Program Files\AntiVirenKit\AVKService.exe
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – C:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:29:12, on 2006–01–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANNA\USTAWI~1\Temp\Rar$EX00.610\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wpisz własny tekst który ukaźe się na belce Internet Explorera
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: 23:00 2006–01–22#
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135237774578
O16 – DPF: {EB387D2F–E27B–4D36–979E–847D1036C65D} (QDiagHUpdateObj Class) – http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 – Service: AVK Service (AVKService) – Unknown owner – C:\Program Files\AntiVirenKit\AVKService.exe
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – C:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
Odpowiedzi: 8
Chcę serdecznie podziękować za sprawdzenie loga.
I juź zaczynam się brać do uwuwania wpisu.
Jeszcze raz wielkie dzie dzięki!
Pozdrawiam Tomasz
I juź zaczynam się brać do uwuwania wpisu.
Jeszcze raz wielkie dzie dzięki!
Pozdrawiam Tomasz
Straszne spowolnienie komputera;]
szzzzz:
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
w dodaj usun odinstaluj to
Start>>>panel sterowania>>>Dodaj usun..
Po co ma to odinstalować. Moźe on tego uźywa przecieź to nie jest syf.
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
w dodaj usun odinstaluj to
Start>>>panel sterowania>>>Dodaj usun..
O1 – Hosts: 23:00 2006–01–22#
Usuń ten wpis poleceniem fixchecked w HijackThis.
Reszta jest ok
O1 – Hosts: 23:00 2006–01–22#
Usuń ten wpis poleceniem fixchecked w HijackThis.
Reszta jest ok
Witaj
O1 – Hosts: 23:00 2006–01–22# Te coś wywala mi G DATA
informuje mnie źe to jest uszkodzone przez robaka.
Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVKBar" = ""C:\Program Files\AntiVirenKit\AVKBar.exe"" ["1, 0, 0, 4"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"HP Software Update" = "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett–Packard Co."]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"DeviceDiscovery" = "C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett–Packard"]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray" ["Nokia"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AVK Mail Checker" = ""C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"" ["G DATA Software AG"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58–01DD–4d91–8333–CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{416651E4–9C3C–11D9–8BDE–F66BAD1E3F3A}" = "PhoneBrowser"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864–D495–41f0–B7DC–4BB601CC295E}" = "Contact View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A–5B72–4efe–929D–3B848C3A1E91}" = "Message View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{acb4a560–3606–11d3–aef4–00104bd0f92d}" = "KodakShellExtension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320–32F5–11D3–A222–004095200FF2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320–32F5–11D3–A222–004095200FF2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ANNA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HOSTS file
––––––––––
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 4314 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
AVK Service, AVKService, "C:\Program Files\AntiVirenKit\AVKService.exe" [empty string]
Straźnik AVK, AVKWCtl, "C:\Program Files\AntiVirenKit\AVKWCtl.exe" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 118 seconds, including 16 seconds for message boxes)
O1 – Hosts: 23:00 2006–01–22# Te coś wywala mi G DATA
informuje mnie źe to jest uszkodzone przez robaka.
Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVKBar" = ""C:\Program Files\AntiVirenKit\AVKBar.exe"" ["1, 0, 0, 4"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"HP Software Update" = "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett–Packard Co."]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"DeviceDiscovery" = "C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett–Packard"]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray" ["Nokia"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AVK Mail Checker" = ""C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"" ["G DATA Software AG"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58–01DD–4d91–8333–CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{416651E4–9C3C–11D9–8BDE–F66BAD1E3F3A}" = "PhoneBrowser"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864–D495–41f0–B7DC–4BB601CC295E}" = "Contact View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A–5B72–4efe–929D–3B848C3A1E91}" = "Message View"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{acb4a560–3606–11d3–aef4–00104bd0f92d}" = "KodakShellExtension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320–32F5–11D3–A222–004095200FF2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320–32F5–11D3–A222–004095200FF2}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ANNA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HOSTS file
––––––––––
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 4314 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
AVK Service, AVKService, "C:\Program Files\AntiVirenKit\AVKService.exe" [empty string]
Straźnik AVK, AVKWCtl, "C:\Program Files\AntiVirenKit\AVKWCtl.exe" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 118 seconds, including 16 seconds for message boxes)
Strona 1 / 1