
ErrorSafe

Post by Altharis, 17 Mar 2007, 23:57

I use Mozilla Firefox, but when I turn the computer on, and also while using Firefox, Internet Explorer windows from ErrorSafe pop up on me, along with a little window asking whether I want to check my system (I'm not sure exactly how it was worded, but you've surely come across ErrorSafe before). Luckily I've never clicked accept. I'd really appreciate it if you could look over the log and give me any good advice.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 22:36:18, on 2007-03-17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe
C:\Program Files\SystemDoctor 2006 Free\dcmon.exe
C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Daria\USTAWI~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\SystemDoctor 2006 Free\USDR6cw.exe -c
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office XP PRO\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170087005484
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe




Post by prog, 18 Mar 2007, 08:44

Turn off System Restore and go into Safe Mode.

So first go into Add/Remove Programs and get rid of SystemDoctor 2006 Free (as far as that's possible; if it isn't, say so).
Further down it's not good: there's Vundo.
For now, please use: http://www.atribune.org/ccount/click.php?id=4
and keep scanning with it until it detects nothing.

After the treatment, post logs from:
- comboscan (http://www.techsupportforum.com/sectools/Deckard/comboscan.exe). Wait patiently until the logs are generated.
The logs will be in C:\Comboscan\data\ (2 small files). Post comboscan.txt for us.
- silentrunners (pinned topic)
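The helpers in this thread read the HijackThis log by eye: an unnamed BHO (O2) or toolbar (O3) whose file is gone or has a random-looking name in System32, a rundll32 autostart (O4) of a similarly random-named DLL, and autostart entries belonging to the rogue "system optimizer" the thread tells the poster to uninstall. As an added example (not from this thread, and not code from HijackThis, VundoFix or any other tool named here), the Python script below turns those three readings into checks and runs them over a few lines copied from the logs posted above. The "eight lowercase letters" rule for random DLL names and the list of rogue product names are assumptions chosen to match this thread's logs, not a general signature; every hit still needs a human look, exactly as the forum's own process requires.

```python
import re
import ntpath

# Constructed sample: a handful of HijackThis lines copied from this thread's
# logs (two clean entries, four that the helpers flagged), so the checks below
# have something realistic to run on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CBC4AE8-4D8B-476D-A68D-534C7085F039} - C:\WINDOWS\System32\owhphhbv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
"""

# Heuristic (an assumption for this example): the Vundo DLLs in this thread are
# eight lowercase letters, while vendor DLLs (NvCpl.dll, NvMCTray.dll) are mixed case.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")

# Rogue products the thread itself names (constructed list, extend as needed).
ROGUE_PRODUCTS = ("SystemDoctor 2006", "ErrorSafe")

O2O3_RE = re.compile(
    r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First DLL argument handed to rundll32, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def looks_random(path):
    """True if the file name part of a Windows path matches the random-name heuristic."""
    return bool(RANDOM_DLL.match(ntpath.basename(path.strip('"'))))


def triage(log_text):
    """Return (section, reason, line) for every HijackThis line the checks flag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2O3_RE.match(line)
        if m:
            name, path = m["name"], m["path"]
            if name == "(no name)" and path == "(no file)":
                findings.append((m["sec"], "orphaned component, file already gone", line))
            elif name == "(no name)" and looks_random(path):
                findings.append((m["sec"], "unnamed component loading random-named DLL", line))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"]
            r = RUNDLL_RE.search(cmd)
            if r and looks_random(r["dll"]):
                findings.append(("O4", "rundll32 autostart of random-named DLL", line))
            elif any(p.lower() in cmd.lower() for p in ROGUE_PRODUCTS):
                findings.append(("O4", "autostart of known rogue product", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run as-is, the script flags the unnamed BHO, the orphaned toolbar, the 2chkdsk rundll32 entry and the SystemDoctor autostart, and leaves the Adobe BHO and the NVIDIA rundll32 entry alone. To use it on a real log, pass the file contents to `triage()` in place of `SAMPLE_LOG`; the O16, O20 and O23 sections are not parsed here and still need to be read by hand.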



Post by MISTEJK, 18 Mar 2007, 11:14

prog wrote: http://www.atribune.org/ccount/click.php?id=4

One automated tool isn't enough. We always run a pile of automated tools, because Vundo is a cunning little bug. ;)



Post by prog, 18 Mar 2007, 11:18

True enough ;) Cunning it is, so Altharis, don't put it off...

Here are other automated tools:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe



Post by Altharis, 18 Mar 2007, 13:51

Thanks for the quick help, I'm getting to work on it right away. Oh, just now some popup appeared in a new tab in Mozilla...



Post by prog, 18 Mar 2007, 14:01

That's understandable, you have Vundo.
Follow what I wrote (also use the other automated tools:

Here are the other automated tools:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
).



Post by Altharis, 18 Mar 2007, 16:04

I followed the instructions and used these three programs, in this order:

VundoFix - found some files and they were removed

FixVundo - didn't find Vundo

VirtumundoBeGone - removed something, I think, and restarted the computer

After that, VundoFix didn't find anything more.



ComboScan log:

Code:
ComboScan v20070306.20 run by Daria on 2007-03-18 at 14:06:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-18 13:06:19 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as Daria.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:07:29, on 2007-03-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daria\Pulpit\comboscan.exe
C:\DOCUME~1\Daria\Pulpit\Daria.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CBC4AE8-4D8B-476D-A68D-534C7085F039} - C:\WINDOWS\System32\owhphhbv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office XP PRO\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170087005484
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys
3S GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1S kbdhid (Sterownik klawiatury HID) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S pcouffin (VSO Software pcouffin) - C:\WINDOWS\system32\drivers\pcouffin.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\WINDOWS\system32\drivers\yk51x86.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
2S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-03-13 13:19:00       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-02-18 and 2007-03-18 -----------------------------

2007-03-18 12:54:05         0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-03-18 12:46:49         0 d-------- C:\WINDOWS\pss
2007-03-18 12:19:42    132116 --a------ C:\WINDOWS\System32\owhphhbv.dll
2007-03-13 08:16:18    132116 --a------ C:\WINDOWS\System32\lxchjnit.dll
2007-03-13 08:16:15    123412 --a------ C:\WINDOWS\System32\rglquney.dll
2007-03-13 08:16:15         0 d-------- C:\Program Files\VSAdd-in
2007-03-12 13:51:02         0 d-------- C:\Program Files\Multi_Media<MULTI_~1>
2007-03-11 16:34:13         0 d-------- C:\Program Files\Satsuki Decoder Pack<SATSUK~1>
2007-03-11 16:27:46         0 d-------- C:\Program Files\ffdshow
2007-03-11 16:23:05         0 d-------- C:\WINDOWS\System32\quicktime<QUICKT~1>
2007-03-11 16:23:05         0 d-------- C:\Program Files\NimoCodec Pack<NIMOCO~1>
2007-03-11 16:12:44         0 d-------- C:\Program Files\AVIcodec
2007-03-11 15:58:31    108544 -----n--- C:\WINDOWS\System32\pxcpyi64.exe
2007-03-11 15:58:28         0 d-------- C:\Program Files\DivX
2007-03-10 23:27:47         0 d-------- C:\Program Files\Winamp
2007-03-09 21:55:34         0 d-------- C:\Program Files\ACE Mega CoDecS Pack<ACEMEG~1>
2007-03-09 20:57:25         0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-09 20:57:18         0 d-------- C:\Program Files\Real
2007-03-09 20:57:18         0 d-------- C:\Program Files\Common Files\Real
2007-03-06 10:56:18         0 d-------- C:\Program Files\ATP
2007-03-03 14:28:28         0 d-------- C:\Program Files\Common Files\Vbox
2007-02-24 17:31:58         0 d-------- C:\Program Files\Google
2007-02-21 21:00:28     10752 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-02-19 01:49:22     72192 --a------ C:\WINDOWS\unlite3.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-17 22:27:34         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\SystemDoctor 2006 Free<SYSTEM~1>
2007-03-17 09:02:11         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Adobe
2007-03-15 18:05:02         0 d-------- C:\Program Files\Common Files\Adobe
2007-03-15 18:03:12         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-13 08:16:22         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\SearchToolbarCorp<SEARCH~1>
2007-03-12 07:26:02         0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-11 16:41:49         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Media Player Classic<MEDIAP~1>
2007-03-11 16:18:33      3138 --a------ C:\WINDOWS\mozver.dat
2007-03-09 21:12:34         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\uTorrent
2007-03-09 20:57:36         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Real
2007-03-02 19:19:20         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Image Zone Express<IMAGEZ~1>
2007-02-25 11:27:30         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\NeroDCTemplates<NERODC~1>
2007-02-24 17:32:24         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Google
2007-02-20 23:36:13         0 d-------- C:\Program Files\Java
2007-02-20 16:19:07         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Ahead
2007-02-19 01:35:05         0 d---s---- C:\Documents and Settings\Daria\Dane aplikacji\Microsoft<MICROS~1>
2007-02-16 13:33:40     17544 --a------ C:\Documents and Settings\Daria\Dane aplikacji\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-02-14 02:15:11         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Vso
2007-02-14 02:15:11        33 --a------ C:\Documents and Settings\Daria\Dane aplikacji\pcouffin.log
2007-02-14 02:15:10     47360 --a------ C:\Documents and Settings\Daria\Dane aplikacji\pcouffin.sys
2007-02-14 02:15:10      1144 --a------ C:\Documents and Settings\Daria\Dane aplikacji\pcouffin.inf
2007-02-14 02:15:10      7176 --a------ C:\Documents and Settings\Daria\Dane aplikacji\pcouffin.cat
2007-02-14 02:15:10     81920 --a------ C:\Documents and Settings\Daria\Dane aplikacji\ezpinst.exe
2007-02-14 01:51:35        14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-02-12 23:05:55         0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~2>
2007-02-11 22:53:07         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Apple Computer<APPLEC~1>
2007-02-11 22:52:11         0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-11 22:51:50         0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-10 00:29:00         0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-07 21:01:19         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\CyberLink<CYBERL~1>
2007-02-07 20:58:42         0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-02-07 20:58:05         0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-06 12:18:38        56 -r-hs---- C:\WINDOWS\System32\633617232E.sys<633617~1.SYS>
2007-02-06 12:02:51         0 d-------- C:\Program Files\CDex_150
2007-02-05 08:42:14         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Sun
2007-02-05 08:37:45         0 d-------- C:\Program Files\Common Files\Java
2007-02-03 20:05:14         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\HP
2007-02-03 20:01:16         0 d-------- C:\Program Files\Multimedia Keyboard Driver<MULTIM~1>
2007-01-30 08:00:46    110507 --a------ C:\WINDOWS\hpoins08.dat
2007-01-30 00:47:24         0 d-------- C:\Program Files\Common Files\HP
2007-01-30 00:46:25         0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-30 00:45:50         0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-01-30 00:37:31         0 d-------- C:\Program Files\HP
2007-01-29 22:45:22         0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-01-29 18:03:42         0 d-------- C:\Program Files\Common Files\Nero
2007-01-29 18:02:23         0 d-------- C:\Program Files\Common Files\Ahead
2007-01-29 17:05:09    355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-01-29 17:05:09     49712 --a------ C:\WINDOWS\System32\perfc015.dat
2007-01-29 16:07:41         0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-01-28 21:04:03         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Macromedia<MACROM~1>
2007-01-28 21:02:32         0 --a------ C:\WINDOWS\nsreg.dat
2007-01-28 21:02:31         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Mozilla
2007-01-28 20:55:24         0 d-------- C:\Program Files\Intel
2007-01-28 20:49:18         0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-28 20:43:50         0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-01-28 20:24:58         0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Identities<IDENTI~1>
2007-01-28 20:21:36         0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-01-28 20:21:19         0 -rahs---- C:\MSDOS.SYS
2007-01-28 20:21:19         0 -rahs---- C:\IO.SYS
2007-01-28 20:21:19         0 --a------ C:\CONFIG.SYS
2007-01-28 20:21:19         0 --a------ C:\AUTOEXEC.BAT
2007-01-28 20:19:31         0 d-------- C:\Program Files\Common Files\MSSoap
2007-01-28 20:19:06     21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-01-28 20:18:41         0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-01-28 20:18:41         0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-01-28 20:12:48         0 d-------- C:\Program Files\Common Files\ODBC
2007-01-28 20:12:46         0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-01-28 20:12:26        62 --ahs---- C:\Documents and Settings\Daria\Dane aplikacji\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"WireLessKeyboard"="C:\\Program Files\\Multimedia Keyboard Driver\\StartAutorun.exe PS2USBKbdDrv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"RemoteControl"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\System32\\rglquney.dll\",setvm"
"cmonitor"=""
"pas_check"="C:\\Program Files\\SystemDoctor 2006 Free\\pasmon.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3178C97-FE42-4A9F-8574-C9BF97524A17}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0



-- End of ComboScan: finished at 2007-03-18 at 14:07:48 ------------------------




Silent Runners:

Code:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]
"WireLessKeyboard" = "C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe" [empty string]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]
"2chkdsk" = "rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm" [MS]
"cmonitor" = "(empty string)" [file not found]
"pas_check" = "C:\Program Files\SystemDoctor 2006 Free\pasmon.exe" [file not found]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                       \StubPath   = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3CBC4AE8-4D8B-476D-A68D-534C7085F039}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\owhphhbv.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office XP PRO\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office XP PRO\Office10\msohev.dll" [MS]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Daria\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]


Startup items in "Daria" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Daria\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]
"HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office XP PRO\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
LIDIL hpzll43a\Driver = "hpzll43a.dll" ["Hewlett-Packard Company"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 132 seconds.
---------- (total run time: 1132 seconds)
Altharis
~user

Posts: 4
Joined: 17 Mar 2007, 23:49



Post by wojtas, 18 Mar 2007, 16:38

Use WWDC:
http://www.firewallleaktester.com/wwdc.htm
Change the options from disable to enable. Restart the computer.
This is how the ports should look (NetBIOS may be yellow):
http://www.firewallleaktester.com/images_site/wwdc.jpg


Download and run the tool: The Avenger
http://swandog46.geekstogo.com/avenger.zip
Select the Input script manually option and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:

C:\WINDOWS\System32\owhphhbv.dll
C:\WINDOWS\System32\lxchjnit.dll
C:\WINDOWS\System32\rglquney.dll

Folders to delete:

C:\Program Files\VSAdd-in


Click Done, then the green light, and agree to the restart by clicking OK.
After the restart, remove the following entry/entries in HijackThis:

O2 - BHO: (no name) - {3CBC4AE8-4D8B-476D-A68D-534C7085F039} - C:\WINDOWS\System32\owhphhbv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe


delete the one in bold above

Delete the file C:\Avenger\backup.zip manually from the disk and post on the forum the report C:\avenger.txt + the ComboScan log + the Silent Runners log.

This file:
C:\WINDOWS\unlite3.exe


scan it with this:
http://www.virustotal.com/en/indexf.html
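A triage helper for lines like the HijackThis entries quoted in this reply, and for the matching Silent Runners BHO entry for owhphhbv.dll in the first post, added here as an example; it is not part of the thread and not code from HijackThis, Silent Runners or The Avenger. It encodes the cues the reply relies on: a BHO or toolbar with no name, an entry whose file is missing, a DLL in System32 with a random-looking eight-letter name, rundll32 loading such a DLL with an export, and a path containing a product name the thread treats as rogue (SystemDoctor, VSAdd-in). The sample lines are constructed from the entries quoted in this thread; the Adobe BHO line is rebuilt from the Silent Runners entry as a benign control.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis lines quoted in this thread, plus the Adobe BHO
# rebuilt from the Silent Runners entry as a benign control. Not a live log.
SAMPLE_LINES = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CBC4AE8-4D8B-476D-A68D-534C7085F039} - C:\WINDOWS\System32\owhphhbv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\rglquney.dll",setvm
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
"""

# Eight lowercase letters + .dll: the naming pattern of the DLLs the reply deletes
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# Product names the replies in this thread identify as rogue software
ROGUE_HINTS = ("SystemDoctor", "VSAdd-in")
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Finding:
    line: str
    reasons: list


def basename(path: str) -> str:
    """Last path component with surrounding quotes stripped (Windows separators)."""
    return path.strip().strip('"').split("\\")[-1]


def analyze_line(line: str):
    """Return a Finding for a suspicious HijackThis line, else None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    reasons = []
    if code in ("O2", "O3"):
        # "BHO: <name> - {CLSID} - <path>" or "Toolbar: <name> - {CLSID} - <path>"
        parts = [p.strip() for p in rest.split(" - ")]
        name = parts[0].split(":", 1)[-1].strip()
        path = parts[-1] if len(parts) >= 3 else ""
        if name == "(no name)":
            reasons.append("anonymous BHO/toolbar")
        if path == "(no file)":
            reasons.append("orphaned entry (file missing)")
        elif RANDOM_DLL.match(basename(path)) and "system32" in path.lower():
            reasons.append("random 8-letter DLL name in System32")
    elif code == "O4":
        # "HKLM\..\Run: [Name] <command line>"
        cmd = rest.split("]", 1)[1].strip() if "]" in rest else rest
        if cmd.lower().startswith("rundll32"):
            # rundll32 "<dll>",<export>: pull out the DLL being loaded
            dll = re.search(r'"?([^"]+\.dll)"?,', cmd, re.IGNORECASE)
            if dll and RANDOM_DLL.match(basename(dll.group(1))):
                reasons.append("rundll32 loading random-named DLL")
        for hint in ROGUE_HINTS:
            if hint.lower() in cmd.lower():
                reasons.append(f"known rogue product name: {hint}")
    return Finding(line.strip(), reasons) if reasons else None


def triage(text: str):
    """Run analyze_line over every line of a HijackThis log excerpt."""
    return [f for f in (analyze_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run as a script it prints each flagged line with the reasons; the Adobe BHO and the ALCMTR.EXE entry are not flagged, because neither matches any of the cues above, which is consistent with the later replies that treat the Realtek component as a startup item rather than malware. The heuristics are deliberately narrow so that a legitimately signed DLL with a descriptive name stays out of the list; a name of exactly eight lowercase letters is the only name-based cue, and it is combined with the System32 location.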



Post by prog, 18 Mar 2007, 17:13

wojtas19162 wrote: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Alcmtr.exe is from Realtek Event Monitor, commonly considered harmful, but not so much that it needs deleting.

At most, remove it from autostart.
C2D E8400 3GHZ + Pentagram Freezone HP-120 ALCu, Asus P5Q SE /intel P45/, A-Data 2x2GB CL4 Extreme Edition, Sapphire Radeon HD4870 512mb/256bit DDR5, WD 640GB SATA, Lite-ON Super AllWrite DVD SATA, Chieftec 500W, Samsung 2032BW Black 20', Vista Ultimate x64
Exoriare aliquis nostris ex ossibus ultor...



Post by Altharis, 18 Mar 2007, 18:10

So don't delete ALCMTR.EXE?



Post by wojtas, 18 Mar 2007, 18:11

Altharis wrote: don't delete ALCMTR.EXE?


In my opinion you can delete it.



Post by prog, 18 Mar 2007, 18:16

If it slows your computer down, delete it... I have it and nothing bad happens.



