tala utworzono 11 lipca 2008 utworzono 11 lipca 2008 Logi do tego tematu: http://www.forumpc.pl/index.php?showtopic=56059 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:52:12, on 2008-07-11Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXEC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exeC:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exec:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXEC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXED:\Program Files\USB Disk Win98 Driver\Res.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\VIA\RAID\raid_tool.exec:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exeC:\Program Files\Mozilla Firefox\firefox.exeD:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.plR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dllO3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dllO4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [uSB Storage Toolbox] d:\Program Files\USB Disk Win98 Driver\Res.EXEO4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsrO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205159607953O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXEO23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exeO23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exeO23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXEO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe--End of file - 6868 bytes "Silent Runners.vbs", revision 58, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows ? Server 2003 DDK provider"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"NWEReboot" = "(empty string)" [file not found]"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s" ["Panda Software International"]"USB Storage Toolbox" = "d:\Program Files\USB Disk Win98 Driver\Res.EXE" ["ali"]"Onet.pl AutoUpdate" = ""C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr" [file not found]"DesktopMaestro" = "(empty string)" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{ecdee021-0d17-467f-a1ff-c7a115230949}\(Default) = (no title provided) -> {HKLM...CLSID} = "free-downloads.net Toolbar" \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 9\ezcddax9.dll" [null data]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> avldr\DLLName = "avldr.dll" ["Panda Software International"]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 9\ezcddax9.dll" [null data]Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {policy setting}:--------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "BurnDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]AlcoholAutoPlayV2.ReadDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "ReadDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]EZCDDAXAutoPlayAudioCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "AudioCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]EZCDDAXAutoPlayBlankCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "EmptyCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]Startup items in "Pati" & "All Users" startup folders:------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 18%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 17%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{ECDEE021-0D17-467F-A1FF-C7A115230949}" = "free-downloads.net Toolbar" -> {HKLM...CLSID} = "free-downloads.net Toolbar" \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe"" ["Panda Software International"]Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe"" ["Panda Software International"]Panda Host Service, PSHost, ""c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE"" ["Panda Software International"]Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe"" ["Panda Software International"]Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software International"]Panda Software Controller, Panda Software Controller, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE"" ["Panda Software International"]Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"" ["Panda Software International"]StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\730 Series Port\Driver = "lxcflmpm.DLL" [empty string]---------- (launch time: 2008-07-11 15:55:47)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 75 seconds.---------- (total run time: 174 seconds)
Mateusz J. komentarz 11 lipca 2008 komentarz 11 lipca 2008 O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dllO3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll Fix w HiajckThis. Z Panelu Sterowania => Dodad/Usuń Programy odinstaluj free-downloads.net.
tala komentarz 13 lipca 2008 Autor komentarz 13 lipca 2008 odinstalowałam ,ale problem nie zniknął nadal się restertuje sam nawet w trybie awaryjnym ;/
snip91 komentarz 14 lipca 2008 komentarz 14 lipca 2008 Do notatnika wklej: Windows Registry Editor Version 5.00[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}][-HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ECDEE021-0D17-467F-A1FF-C7A115230949}] W notatniku zakładka Plik -> Zapisz jako --> Zmień rozszerzenie na "Wszystkie pliki" -> Zapisz pod nazwą FIX.REG Uruchom utworzony plik FIX.REG i potwierdź dodanie do Rejestru i zrestartuj komputer. Jak wykonasz, pokaż nowe logi.
tala komentarz 15 lipca 2008 Autor komentarz 15 lipca 2008 Do notatnika wklej:Windows Registry Editor Version 5.00 [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] [-HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ECDEE021-0D17-467F-A1FF-C7A115230949}] W notatniku zakładka Plik -> Zapisz jako --> Zmień rozszerzenie na "Wszystkie pliki" -> Zapisz pod nazwą FIX.REG Uruchom utworzony plik FIX.REG i potwierdź dodanie do Rejestru i zrestartuj komputer. Jak wykonasz, pokaż nowe logi. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:11:55, on 2008-07-15Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXEC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exeC:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exec:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXEC:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.plR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsrO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205159607953O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXEO23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exeO23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exeO23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXEO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe--End of file - 6383 bytes "Silent Runners.vbs", revision 58, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows ® Server 2003 DDK provider"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"NWEReboot" = "(empty string)" [file not found]"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s" ["Panda Software International"]"Onet.pl AutoUpdate" = ""C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr" [file not found]"DesktopMaestro" = "(empty string)" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> avldr\DLLName = "avldr.dll" ["Panda Software International"]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {policy setting}:--------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "BurnDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]AlcoholAutoPlayV2.ReadDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "ReadDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]EZCDDAXAutoPlayAudioCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "AudioCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]EZCDDAXAutoPlayBlankCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "EmptyCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]Startup items in "Pati" & "All Users" startup folders:------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 18%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 17%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe"" ["Panda Software International"]Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe"" ["Panda Software International"]Panda Host Service, PSHost, ""c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE"" ["Panda Software International"]Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe"" ["Panda Software International"]Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software International"]Panda Software Controller, Panda Software Controller, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE"" ["Panda Software International"]Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"" ["Panda Software International"]StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\730 Series Port\Driver = "lxcflmpm.DLL" [empty string]---------- (launch time: 2008-07-15 13:17:00)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 22 seconds.---------- (total run time: 86 seconds)
snip91 komentarz 15 lipca 2008 komentarz 15 lipca 2008 Log wygląda już na czysty. Problem dalej występuje? Jeśli tak, to możesz dodać log z ComboFix.
tala komentarz 15 lipca 2008 Autor komentarz 15 lipca 2008 Log wygląda już na czysty.Problem dalej występuje? Jeśli tak, to możesz dodać log z ComboFix. nadal kiedy włączę jakąś gre mozna pograc ok 20 min i nagle jest pii i zawiesza sie nie moza nic zrobic pozostaje tylko restart ;/ co powinno byc w folderze Temp na dysku C? u mnie jest tam jeszcze jeden folder ktory ma w naziwe cyferki i literki a w tym folderze nie ma nic jest pusty a wydaje mi sie ze kiedys tam cos bylo ;/ oto log z ComboFix ComboFix 08-07-14.2 - Pati 2008-07-15 15:17:01.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.186 [GMT 2:00]Running from: C:\Documents and Settings\Pati\Pulpit\ComboFix.exe * Created a new restore point[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b].((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).D:\Autorun.inf.((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))).2008-07-15 13:11 . 2008-07-15 13:11 <DIR> d-------- C:\Program Files\Trend Micro2008-07-14 12:37 . 2008-07-14 12:37 <DIR> d-------- C:\Program Files\BitTorrent2008-07-12 20:53 . 2008-07-12 20:53 53 --a------ C:\WINDOWS\DelToolbox.bat2008-07-04 16:49 . 2008-07-04 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles2008-07-01 23:14 . 2008-07-01 23:14 4,448,238 --a------ C:\cace2423dfb97c58fe7dd9f120557063KRN_DATA2008-06-29 13:31 . 2008-06-29 15:51 <DIR> d-------- C:\Program Files\Odkurzacz2008-06-29 13:13 . 2008-06-29 13:13 <DIR> d-------- C:\Program Files\Desktop Maestro2008-06-29 13:13 . 2008-07-12 20:44 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-06-28 17:12 . 2008-06-28 17:12 <DIR> d-------- C:\Program Files\[u]0[/u]6.LAN2008-06-24 22:21 . 2008-06-24 22:28 <DIR> d-------- C:\Program Files\Screamer Radio2008-06-24 12:07 . 2008-06-24 12:07 <DIR> d-------- C:\Documents and Settings\Pati\Dane aplikacji\Shareaza2008-06-22 16:44 . 2008-06-25 23:26 488 --a------ C:\WINDOWS\MicrophoneL.bin2008-06-22 16:38 . 2008-07-12 20:35 <DIR> d-------- C:\Documents and Settings\Pati\Dane aplikacji\skypePM2008-06-22 16:38 . 2008-06-22 16:38 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat2008-06-22 16:36 . 2008-07-14 11:33 <DIR> d-------- C:\Documents and Settings\Pati\Dane aplikacji\Skype2008-06-22 16:34 . 2008-06-22 16:35 <DIR> d-------- C:\Program Files\Skype2008-06-22 16:34 . 2008-06-22 16:34 <DIR> d-------- C:\Program Files\Common Files\Skype2008-06-22 16:33 . 2008-06-22 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype2008-06-21 16:00 . 2008-06-26 22:29 <DIR> d-------- C:\Program Files\Gadu-Gadu2008-06-20 02:56 . 2008-06-20 02:56 177 --a------ C:\ioSpecial.ini2008-06-20 02:47 . 2008-06-20 02:47 <DIR> d-------- C:\Documents and Settings\Pati\Dane aplikacji\Kamerzysta2008-06-20 02:47 . 2008-06-20 02:47 <DIR> d-------- C:\Documents and Settings\Pati\Dane aplikacji\AutoUpdate2008-06-20 02:46 . 2008-06-20 02:46 <DIR> d-------- C:\Program Files\Onet2008-06-20 02:46 . 2008-06-20 02:47 <DIR> d-------- C:\Program Files\Common Files\Onet.pl2008-06-15 14:49 . 2008-06-15 14:49 <DIR> d-------- C:\Program Files\Defraggler.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-15 13:09 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck2008-07-15 13:09 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG2008-07-15 12:59 224,412 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck2008-07-15 12:59 224,412 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT2008-07-14 20:57 --------- d-----w C:\Documents and Settings\Pati\Dane aplikacji\BitTorrent2008-07-13 15:43 --------- d-----w C:\Program Files\Easy CD-DA Extractor 92008-07-12 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-07-12 18:35 --------- d-----w C:\Program Files\Windows Media Connect 22008-07-12 18:35 --------- d-----w C:\Documents and Settings\Tala\Dane aplikacji\uTorrent2008-07-12 18:35 --------- d-----w C:\Documents and Settings\Tala\Dane aplikacji\DNA2008-07-12 18:35 --------- d-----w C:\Documents and Settings\Tala\Dane aplikacji\BitTorrent2008-07-12 18:35 --------- d-----w C:\Documents and Settings\Tala\Dane aplikacji\Azureus2008-07-12 18:35 --------- d-----w C:\Documents and Settings\Pati\Dane aplikacji\Azureus2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys2008-06-17 19:36 --------- d-----w C:\Program Files\uTorrent2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys2008-06-07 11:34 --------- d-----w C:\Program Files\Alcohol Soft2008-06-07 11:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll2008-05-05 16:33 63,024 ----a-w C:\WINDOWS\system32\pavipc.dll2008-05-05 16:33 292,400 ----a-w C:\WINDOWS\system32\PavSHook.dll2008-05-05 16:33 161,328 ----a-w C:\WINDOWS\system32\TpUtil.dll2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NVRTCLK"="C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 11:44 24576]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-08-25 11:14 4554752]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-08-25 11:14 86016]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" [2007-09-21 11:33 329264]"nwiz"="nwiz.exe" [2004-08-25 11:14 921600 C:\WINDOWS\system32\nwiz.exe]"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]2007-09-21 11:33 50736 C:\WINDOWS\system32\avldr.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Documents and Settings\\Tala\\CreativesFiles\\Shareaza.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\DNA\\btdna.exe"="C:\\WINDOWS\\system32\\lxcfcoms.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\BitTorrent\\BitTorrent.exe"=R0 viaraid;viaraid;C:\WINDOWS\system32\DRIVERS\viaraid.sys [2003-10-31 05:20]R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-21 11:33]R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-09-21 11:33]R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-09-21 11:33]R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-09-21 11:33]R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-09-21 11:33]R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-05-05 18:33]R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-09-21 11:33]R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-09-21 11:33]R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-09-21 11:33]R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-05-05 18:33]R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-05-14 11:01]R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2008-05-05 18:33]R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19f8b4e9-ec6c-11dc-8583-806d6172696f}]\Shell\AutoRun\command - F:\Run.exe*Newly Created Service* - CATCHME.- - - - ORPHANS REMOVED - - - -HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeHKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exeHKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exeHKLM-Run-Cmaudio - cmicnfg.cplHKLM-Run-NWEReboot - (no file)HKLM-Run-DesktopMaestro - (no file)**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-15 15:20:39Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-15 15:23:14ComboFix-quarantined-files.txt 2008-07-15 13:22:41Pre-Run: 12,684,480,512 bajtów wolnychPost-Run: 15,122,616,320 bajtów wolnych151 --- E O F --- 2008-07-09 11:04:31 //logi wstawiamy w tagi CODE! ile można o tym pisać?! //tym razem +10% //sniper45
snip91 komentarz 15 lipca 2008 komentarz 15 lipca 2008 Do notatnika wklej: File::C:\cace2423dfb97c58fe7dd9f120557063KRN_DATA W notatniku zakładka Plik --> Zapisz jako --> zapisz pod nazwą CFScript.txt i zapisz go w tym samym katalogu, w którym jest ComboFix. Wystartuj tryb awaryjny (F8 podczas ładowania systemu). Na ikonę ComboFix przeciągasz zrobiony plik CFScript.txt tak, jak na obrazku: Rozpocznie się usuwanie i powstanie log, który pokazujesz na forum. Po restarcie usuń ręcznie folder C:\Qoobox.
tala komentarz 21 lipca 2008 Autor komentarz 21 lipca 2008 "Silent Runners.vbs", revision 58, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows ® Server 2003 DDK provider"]"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]"NWEReboot" = "(empty string)" [file not found]"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s" ["Panda Software International"]"Onet.pl AutoUpdate" = ""C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr" [file not found]"DesktopMaestro" = "(empty string)" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> avldr\DLLName = "avldr.dll" ["Panda Software International"]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL" ["Panda Software International"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {policy setting}:--------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "BurnDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]AlcoholAutoPlayV2.ReadDisc\"Provider" = "Alcohol 120%""InvokeProgID" = "AlcoholAutoPlayV2""InvokeVerb" = "ReadDisc"HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]EZCDDAXAutoPlayAudioCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "AudioCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]EZCDDAXAutoPlayBlankCD\"Provider" = "Easy CD-DA Extractor 9""InvokeProgID" = "ezcddax.AutoPlay""InvokeVerb" = "EmptyCD"HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 9\ezcddax.exe" -nn" ["Jukka Poikolainen"]MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]Startup items in "Pati" & "All Users" startup folders:------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 18%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 17%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe"" ["Panda Software International"]Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe"" ["Panda Software International"]Panda Host Service, PSHost, ""c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE"" ["Panda Software International"]Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe"" ["Panda Software International"]Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software International"]Panda Software Controller, Panda Software Controller, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE"" ["Panda Software International"]Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"" ["Panda Software International"]StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\730 Series Port\Driver = "lxcflmpm.DLL" [empty string]---------- (launch time: 2008-07-15 13:17:00)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 22 seconds.---------- (total run time: 86 seconds)
Mateusz J. komentarz 21 lipca 2008 komentarz 21 lipca 2008 Silent Runners czysty. Rozpocznie się usuwanie i powstanie log, który pokazujesz na forum. Proszę pokazać ten log
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.