- Kod: Zaznacz wszystko
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-22 10:50:51
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.13 ----
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn
Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [SYSTEM] AmdK7
Service C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [MANUAL] Amps2prt
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service C:\Program Files\Ares\chatServer.exe [MANUAL] AresChatServer
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [AUTO] Avg7Alrt
Service C:\WINDOWS\System32\Drivers\avg7core.sys [SYSTEM] Avg7Core
Service C:\WINDOWS\System32\Drivers\avg7rsw.sys [SYSTEM] Avg7RsW
Service C:\WINDOWS\System32\Drivers\avg7rsxp.sys [SYSTEM] Avg7RsXP
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [AUTO] Avg7UpdSvc
Service C:\WINDOWS\System32\Drivers\avgclean.sys [SYSTEM] AvgClean
Service C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [AUTO] AVGEMS
Service C:\WINDOWS\System32\Drivers\avgtdi.sys [AUTO] AvgTdi
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\system32\DRIVERS\dmio.sys [BOOT] dmio
Service [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [MANUAL] ElbyCDFL
Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [AUTO] ElbyCDIO
Service C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys [BOOT] ElbyVCD
Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service fwdrv
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\DRIVERS\hamachi.sys [MANUAL] hamachi
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\WINDOWS\system32\drivers\ikfileflt.sys [MANUAL] IKFileFlt
Service C:\WINDOWS\system32\drivers\ikfilesec.sys [MANUAL] IKFileSec
Service C:\WINDOWS\system32\drivers\iksysflt.sys [MANUAL] IkSysFlt
Service C:\WINDOWS\system32\drivers\iksyssec.sys [MANUAL] IKSysSec
Service C:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service [BOOT] MountMgr
Service C:\WINDOWS\System32\mousehs.exe [AUTO] mousehs
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\Documents and Settings\Marcykiewicz\msdirectxnx.sys [MANUAL] msdirectxnew
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\MsLS32.exe [AUTO] MsLS32
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service [BOOT] Mup
Service [BOOT] NDIS
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\pavdrv51.sys [AUTO] pavdrv
Service PAVSRV
Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service [DISABLED] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe [AUTO] PSIMSVC
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service ScsiPort
Service C:\Program Files\Spyware Doctor\svcntaux.exe [MANUAL] sdAuxService
Service C:\Program Files\Spyware Doctor\swdsvc.exe [MANUAL] sdCoreService
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service C:\WINDOWS\System32\ZoneLabs\srescan.sys [BOOT] srescan
Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV
Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc
Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service C:\Program Files\Symantec\SYMEVENT.SYS [MANUAL] SymEvent
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service System32\DRIVERS\viaagp1.sys [BOOT] viaagp1
Service C:\WINDOWS\System32\DRIVERS\viaidexp.sys [BOOT] ViaIde
Service [BOOT] VolSnap
Service C:\WINDOWS\System32\vsdatant.sys [SYSTEM] vsdatant
Service C:\WINDOWS\system32\ZONELABS\vsmon.exe [AUTO] vsmon
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service VXD
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc
Service wuauserv
Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {698E475F-C22D-4DA3-BC17-6DFA4782F74B}
---- EOF - GMER 1.0.13 ----
Komp sam wyskakuje do niebieskeigo ekraniku
reinstalacja sterowników=dnoZero efektów
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:53, on 2007-08-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Winuser\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcykiewicz\Pulpit\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [WheelMouse] C:\Winuser\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Avg7_cc] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ComStart] C:\WIRUS\setup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Directxspnew] directxnew.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Directxspnew] directxnew.exe (User 'Default user')
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B571AA-540B-4BB9-B573-2B909FA145B2}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dmcdll.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 5328 bytes
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WheelMouse" = "C:\Winuser\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"Avg7_cc" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ComStart" = "C:\WIRUS\setup.exe" [file not found]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
-> {HKLM...CLSID} = "CloneCD Shell Extension"
\InProcServer32\(Default) = "C:\Winuser\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A7521AD6-E8CC-4599-8129-C824C0400CF4}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dmcdll.dll" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WindowsUpdate\DLLName = "C:\WINDOWS\system32\dmcdll.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Marcykiewicz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#Deskjet#3420" -> launches: "C:\Program Files\Hewlett-Packard\upapp\hpqfruv.exe -I "#Hewlett-Packard#Deskjet#3420"" [file not found]
"Harmonogram PCHealth dla biblioteki przekazywania" -> launches: "C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe -WakeUp" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 14 - 15
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
OLFax Ports\Driver = "OLFMNT40.DLL" [MS]
---------- (launch time: 2007-08-22 19:38:45)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 56 seconds, including 10 seconds for message boxes)
