Question mark on the taskbar

Hello. I have a big problem. Every so often an icon with a question mark pops up on the taskbar next to the clock. A screenshot is posted at this link: http://www.rogepost.com/n/9928747395 because I couldn't save it any other way. I'm attaching the log.

Logfile of HijackThis v1.99.1
Scan saved at 13:03, on 07-05-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\POWER DVD \PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8185 Wireless LAN Driver and Utility\RtlWake.exe
D:\Skaner\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\RYSIEK\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program PDF\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [RemoteControl] "D:\POWER DVD \PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program PDF\Reader\reader_sl.exe
O4 - Global Startup: ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
O4 - Global Startup: ComproScheduler.lnk = C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = D:\Skaner\CalCheck.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Wyolij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyolij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1014809117906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

THANKS IN ADVANCE FOR YOUR HELP.

Replies: 9

Sure... the icon is gone :) now I just have to delete the task and everything should be fine :P In the meantime, thanks a lot, really... YOU'RE AWESOME :)
djahmen
Posted
13.05.2007 15:15:45
Only that task is left to delete. clkern.dll - even though I have doubts about it, leave it. Has the icon disappeared from the tray??
Żółty
Posted
13.05.2007 15:13:33
[b]HIJACKTHIS LOG[/b]

Logfile of HijackThis v1.99.1
Scan saved at 13:03, on 07-05-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\POWER DVD \PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Skaner\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RYSIEK\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [RemoteControl] "D:\POWER DVD \PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program PDF\Reader\reader_sl.exe
O4 - Global Startup: ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
O4 - Global Startup: ComproScheduler.lnk = C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = D:\Skaner\CalCheck.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Wyolij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyolij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1014809117906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[b]Silent Runners LOG[/b]

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"RocketDock" = ""C:\Program Files\RocketDock\RocketDock.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"RemoteControl" = ""D:\POWER DVD \PDVDServ.exe"" ["Cyberlink Corp."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
    \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll" ["BitComet"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{E0F7D46B-01EC-4C2F-93F9-6E8C96C7266E}" = "ComproDTVMenu"
  -> {HKLM...CLSID} = "ComproDTVMenu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\CpDTVMen.dll" ["Compro Tech."]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "C:\PROGRA~1\Alcohol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "D:\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks<>
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows<>
"AppInit_DLLs" = "CLKERN.DLL" ["William Blum"]

HKLM\Software\Classes\PROTOCOLS\Filter<>
text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "D:\Program PDF\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
    \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
    \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop
"Wallpaper" = "C:\Documents and Settings\RYSIEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "RYSIEK" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program PDF\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"ComproRemote" -> shortcut to: "C:\Program Files\Common Files\VideoMate\ComproRemote.exe" ["Compro Technology, Inc."]
"ComproScheduler" -> shortcut to: "C:\Program Files\Common Files\VideoMate\ComproScheduler.exe" ["Compro Technology, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Ulead Photo Express Calendar Checker For My Custom Edition" -> shortcut to: "D:\Skaner\CalCheck.exe" ["Ulead Systems, Inc."]

Enabled Scheduled Tasks:
------------------------

"A655048F9196BF7F" -> launches: "c:\docume~1\rysiek\daneap~1\cakeco~1\Mp3 Does Bleh.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] {2670000A-7350-4F3C-8081-5663EE0C6C49}"ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}"ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}"ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version):
Missing lines (compared with English-language version): [Version]: 2 lines [RestoreHomePage]: 1 line [RestoreHomePage.reg]: 1 line [RestoreBrowserSettings.reg]: 12 lines [DeleteTemplates.reg]: 5 lines [DeleteAutosearch.reg]: 1 line [Strings]: 1 line [RestoreBrowserSettings]: 2 lines [Strings]: 3 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS] Print Monitors: ---------------
HKLM\System\CurrentControlSet\Control\Print\MonitorsPCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 78 seconds, including 6 seconds for message boxes)
djahmen
Posted
13.05.2007 15:04:54
And the rest of the logs?? You can delete the task from the Start menu -> Programs -> Accessories -> System Tools -> Scheduled Tasks (or something like that)
Żółty
Posted
13.05.2007 14:58:41
OK, it has been deleted for now. I'm posting the report of what I did; if you can, please check whether everything went well.
SmitFraudFix v2.181
Scan done at 12:38:58,40, 2007-05-13
Run from C:\Documents and Settings\Administrator\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da3b49f6-8c54-4429-a275-21a86dcca413}"="admissibility"
[HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\xuoce.dll -> Hoax.Win32.Renos.gen.l
C:\WINDOWS\system32\xuoce.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted
C:\Program Files\Video AX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF12BB5C-56F0-4941-BBAC-F78862219FFB}: DhcpNameServer=83.142.12.3 195.82.184.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EF12BB5C-56F0-4941-BBAC-F78862219FFB}: DhcpNameServer=83.142.12.3 195.82.184.6
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EF12BB5C-56F0-4941-BBAC-F78862219FFB}: DhcpNameServer=83.142.12.3 195.82.184.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=83.142.12.3 195.82.184.6
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=83.142.12.3 195.82.184.6
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=83.142.12.3 195.82.184.6

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
djahmen
Posted
13.05.2007 14:48:24
There it is. [quote]C:\WINDOWS\system32\xuoce.dll[/quote] Download SmitFraudFix, unpack it, boot the system in safe mode, run smitfraudfix.cmd and use option 2 - Clean. In addition, open the Task Scheduler and delete the task. Make sure the file shown in bold really is not there; if it is, delete it. [quote] "A655048F9196BF7F" -> launches: "c:\docume~1\rysiek\daneap~1\cakeco~1\[b]Mp3 Does Bleh.exe[/b]" [file not found] [/quote] Do you recognise this CLKERN.DLL? Did you install it yourself along with something? When you are done, post the SilentRunners and HijackThis logs.
Żółty
Posted
13.05.2007 14:02:09
Now I know why I couldn't open it: I use Mozilla and it wouldn't work in that.. OK, here is the log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"RocketDock" = ""C:\Program Files\RocketDock\RocketDock.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"RemoteControl" = ""D:\POWER DVD \PDVDServ.exe"" ["Cyberlink Corp."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll" ["BitComet"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{E0F7D46B-01EC-4C2F-93F9-6E8C96C7266E}" = "ComproDTVMenu"
  -> {HKLM...CLSID} = "ComproDTVMenu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\CpDTVMen.dll" ["Compro Tech."]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\Alcohol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "D:\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
<> "{da3b49f6-8c54-4429-a275-21a86dcca413}" = "admissibility"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\xuoce.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
<> "AppInit_DLLs" = "CLKERN.DLL" ["William Blum"]

HKLM\Software\Classes\PROTOCOLS\Filter
<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "D:\Program PDF\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
     \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
     \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop
"Wallpaper" = "C:\Documents and Settings\RYSIEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "RYSIEK" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "D:\Program PDF\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"ComproRemote" -> shortcut to: "C:\Program Files\Common Files\VideoMate\ComproRemote.exe" ["Compro Technology, Inc."]
"ComproScheduler" -> shortcut to: "C:\Program Files\Common Files\VideoMate\ComproScheduler.exe" ["Compro Technology, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Ulead Photo Express Calendar Checker For My Custom Edition" -> shortcut to: "D:\Skaner\CalCheck.exe" ["Ulead Systems, Inc."]

Enabled Scheduled Tasks:
------------------------

"A655048F9196BF7F" -> launches: "c:\docume~1\rysiek\daneap~1\cakeco~1\Mp3 Does Bleh.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors
PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 183 seconds, including 6 seconds for message boxes)
djahmen
Posted
13.05.2007 13:47:40
Fix the entry [quote] O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"[/quote] Uninstall WhenUSave from Add/Remove Programs, and after uninstalling delete any leftovers, i.e. the directory C:\Program Files\Save. If the problem persists, post a SilentRunners log (you will find information about it in the pinned topics in this section).
Żółty
Posted
13.05.2007 12:40:23
  • djahmen 13.05.2007 13:29:12

    I did everything you told me, but it still bothers me... =/ [b]If the problem persists, post a SilentRunners log (you will find information about it in the pinned topics in this section).[/b] but that doesn't work... there is a page error ;/

  • Żółty 13.05.2007 13:40:52

    [quote=djahmen] but that doesn't work... there is a page error ;/[/quote] [url]http://www.silentrunners.org/Silent%20Runners.vbs[/url] - download it, run it, wait for the final message and the log.

Once I or another moderator receive, via private message (PM), information about where (in which section) the topic should go, together with a suggestion for a sensible topic title, it will be moved and unlocked.
Żółty
Posted
12.05.2007 15:06:35
djahmen
Posted:
12.05.2007 15:03:17
Comments:
9