przez KAaDEeL 05 Kwi 2007, 19:14
przez Okocza 05 Kwi 2007, 19:19
przez KAaDEeL 05 Kwi 2007, 19:21
okocza napisał(a):podaj logi z Hijack'a i sillent runners
przez Okocza 05 Kwi 2007, 19:23
przez wojtas 05 Kwi 2007, 19:23
KAaDEeL napisał(a):a tak dokładnie?
przez MUTOPOMPKA 05 Kwi 2007, 19:24
przez kahoona 05 Kwi 2007, 19:33
przez KAaDEeL 05 Kwi 2007, 19:33
Logfile of HijackThis v1.99.1
Scan saved at 19:20:22, on 2007-04-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wapster\AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\eMule\emule.exe
C:\Downloads\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E41787A6-F741-4E8D-BA3E-8346047AD023} - C:\WINDOWS\system32\cryptexu.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Office SturtUp] C:\WINDOWS\osa9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Internet ADSL.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85B6C37-247F-41EF-817A-D6FE11B0E2F5}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
MUTOPOMPKA napisał(a):REGSRV32 -u C:\windows\system32\hhctrl.ocx
restartnij kompa i popatrz, co się będzie działo.
Jeśli odpali się cacy wpisz w uruchom:
regsrv c:\windows\system32\hhctrl.ocx
przez Okocza 05 Kwi 2007, 19:37
przez KAaDEeL 05 Kwi 2007, 19:40
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"PowerBar" = "(empty string)" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"itype" = ""c:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"Office SturtUp" = "C:\WINDOWS\osa9.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E41787A6-F741-4E8D-BA3E-8346047AD023}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptexu.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll"" [MS]
przez Okocza 05 Kwi 2007, 19:41
bedziesz miał komunikat
przez KAaDEeL 05 Kwi 2007, 19:41
kahoona napisał(a):http://forum.programosy.pl/rthdcplexe-nieprawidowa-relokacja-biblioteki-dll-systemu-vt71613.html
poczekaj niech się wygeneruje do końca Rolling Eyes bedziesz miał komunikat
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"PowerBar" = "(empty string)" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"itype" = ""c:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"Office SturtUp" = "C:\WINDOWS\osa9.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E41787A6-F741-4E8D-BA3E-8346047AD023}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptexu.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}" = "awxDTools - ContextMenu ShellExtension"
-> {HKLM...CLSID} = "awxDTShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}" = "awxDTools - ColumnHandler ShellExtension"
-> {HKLM...CLSID} = "awxDTColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}" = "awxDTools - PropertySheetHandler ShellExtension"
-> {HKLM...CLSID} = "awxDToolsPropSheet Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7A5117B0-B594-4DA8-829D-D15BF11996F2}\(Default) = "awxDTools - ColumnHandler"
-> {HKLM...CLSID} = "awxDTColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\KAaDEeL®\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "KAaDEeL®" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Internet ADSL" -> shortcut to: "" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{D553F157-2AB0-4B46-98D2-7BA7CA418491}\(Default) = "&Słownik Podręczny"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{B46B0919-62BA-4D99-A5C4-916B57A6805C}\
"MenuText" = "@C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103"
"CLSIDExtension" = "{B46B0919-62BA-4D99-A5C4-916B57A6805C}"
-> {HKLM...CLSID} = "InternetTranslatorProperties Class"
\InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 2385 domain names to IP addresses,
595 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
kahoona napisał(a):http://forum.programosy.pl/rthdcplexe-nieprawidowa-relokacja-biblioteki-dll-systemu-vt71613.html
przez wojtas 05 Kwi 2007, 20:15
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
przez Okocza 05 Kwi 2007, 20:21
przez KAaDEeL 06 Kwi 2007, 10:03
Logfile of HijackThis v1.99.1
Scan saved at 09:52:30, on 2007-04-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wapster\AQQ\AQQ.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Downloads\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E41787A6-F741-4E8D-BA3E-8346047AD023} - C:\WINDOWS\system32\cryptexu.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Office SturtUp] C:\WINDOWS\osa9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - Startup: Internet ADSL.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Internet ADSL.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85B6C37-247F-41EF-817A-D6FE11B0E2F5}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"PowerBar" = "(empty string)" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"itype" = ""c:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"Office SturtUp" = "C:\WINDOWS\osa9.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E41787A6-F741-4E8D-BA3E-8346047AD023}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptexu.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}" = "awxDTools - ContextMenu ShellExtension"
-> {HKLM...CLSID} = "awxDTShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{7A5117B0-B594-4DA8-829D-D15BF11996F2}" = "awxDTools - ColumnHandler ShellExtension"
-> {HKLM...CLSID} = "awxDTColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}" = "awxDTools - PropertySheetHandler ShellExtension"
-> {HKLM...CLSID} = "awxDToolsPropSheet Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7A5117B0-B594-4DA8-829D-D15BF11996F2}\(Default) = "awxDTools - ColumnHandler"
-> {HKLM...CLSID} = "awxDTColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools\awxDTools.dll" ["arniWORX"]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\KAaDEeL®\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "KAaDEeL®" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\KAaDEeL®\Menu Start\Programy\Autostart
"Internet ADSL" -> shortcut to: "" [file not found]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Internet ADSL" -> shortcut to: "" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{D553F157-2AB0-4B46-98D2-7BA7CA418491}\(Default) = "&Słownik Podręczny"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{B46B0919-62BA-4D99-A5C4-916B57A6805C}\
"MenuText" = "@C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103"
"CLSIDExtension" = "{B46B0919-62BA-4D99-A5C4-916B57A6805C}"
-> {HKLM...CLSID} = "InternetTranslatorProperties Class"
\InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 2385 domain names to IP addresses,
595 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 101 seconds.
---------- (total run time: 165 seconds)
przez wojtas 06 Kwi 2007, 10:25
Files to delete:
C:\WINDOWS\system32\cryptexu.dll
C:\WINDOWS\ALCMTR.EXE
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: 195.122.131.3 dl1l32.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1cg2.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl.rapidshare.com
O1 - Hosts: 195.122.131.3 dl1tl2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2l32.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2cg2.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl.rapidshare.com
O1 - Hosts: 195.122.131.5 dl2tl2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3l32.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3cg2.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl.rapidshare.com
O1 - Hosts: 195.122.131.7 dl3tl2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4l32.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4cg2.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl.rapidshare.com
O1 - Hosts: 195.122.131.9 dl4tl2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5l32.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5cg2.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl.rapidshare.com
O1 - Hosts: 195.122.131.11 dl5tl2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6l32.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6cg2.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl.rapidshare.com
O1 - Hosts: 195.122.131.13 dl6tl2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7l32.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7cg2.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl.rapidshare.com
O1 - Hosts: 195.122.131.15 dl7tl2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8l32.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8cg2.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl.rapidshare.com
O1 - Hosts: 195.122.131.17 dl8tl2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9l32.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9cg2.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl.rapidshare.com
O1 - Hosts: 195.122.131.19 dl9tl2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10l32.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10cg2.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl.rapidshare.com
O1 - Hosts: 195.122.131.21 dl10tl2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11l32.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11cg2.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl.rapidshare.com
O1 - Hosts: 195.122.131.23 dl11tl2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12l32.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12cg2.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl.rapidshare.com
O1 - Hosts: 195.122.131.25 dl12tl2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13l32.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13cg2.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl.rapidshare.com
O1 - Hosts: 195.122.131.27 dl13tl2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14l32.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14cg2.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl.rapidshare.com
O1 - Hosts: 195.122.131.29 dl14tl2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15l32.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15cg2.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl.rapidshare.com
O1 - Hosts: 195.122.131.31 dl15tl2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16l32.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16cg2.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl.rapidshare.com
O1 - Hosts: 195.122.131.33 dl16tl2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17l32.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17cg2.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl.rapidshare.com
O1 - Hosts: 195.122.131.35 dl17tl2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18l32.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18cg2.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl.rapidshare.com
O1 - Hosts: 195.122.131.37 dl18tl2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19l32.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19cg2.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl.rapidshare.com
O1 - Hosts: 195.122.131.39 dl19tl2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20l32.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20cg2.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl.rapidshare.com
O1 - Hosts: 195.122.131.41 dl20tl2.rapidshare.com
O1 - Hosts: 195.122.131.43 dl21l32.rapidshare.com
O2 - BHO: (no name) - {E41787A6-F741-4E8D-BA3E-8346047AD023} - C:\WINDOWS\system32\cryptexu.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
C:\WINDOWS\osa9.exe
# 102.54.94.97 rhino.acme.com # serwer źródłowy
# 38.25.63.10 x.acme.com # komputer kliencki x
127.0.0.1 localhost
przez KAaDEeL 06 Kwi 2007, 10:35
przez wojtas 06 Kwi 2007, 10:37
przez KAaDEeL 06 Kwi 2007, 11:11
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ygyaodpm
*******************
Script file located at: \??\C:\Program Files\lefmflqo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\cryptexu.dll deleted successfully.
File C:\WINDOWS\ALCMTR.EXE deleted successfully.
Completed script processing.
*******************
Finished! Terminate
przez wojtas 06 Kwi 2007, 14:22
KAaDEeL napisał(a):przeskanowałem plik osa.exe i sa jakieś tam przeróżności... trojany i itp...
KAaDEeL napisał(a):co dalej...?
wojtas19162 napisał(a):Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum log z comboscana + log z Silent Runners.
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 23 gości