Menadżer zadań
8 posty(ów)
• Strona 1 z 1
Menadżer zadań
przez mateusz x man » 27 Gru 2007, 23:13
UA:
Jak chcę uruchomić Menadżer zadań za pomocą Alt+Ctrl+Delete pojawia mi się takie coś. Co zrobić?
- mateusz x man
- Aktywny w piśmie
- Posty: 750
- Dołączenie: 09 Cze 2007, 13:15
- Miejscowość: Kielce
- Pochwały: 2
przez acoanic_radka » 27 Gru 2007, 23:47
UA:
A jesteś na profilu ADMINA? Jeśli nie to musisz sie zalogowac jako admin i zmienić w opcjach ustawienia.
Start- ustawienia- panel kontroli-konta uzytkownikow czy jakos tak.
Start- ustawienia- panel kontroli-konta uzytkownikow czy jakos tak.
Tak mnie wychowali: Ojczyzne kochać trzeba i szanować , nie deptać flagi i nie pluć na godło.
-
acoanic_radka - Postujący
- Posty: 394
- Dołączenie: 23 Lip 2005, 18:24
- Pochwały: 1
przez mateusz x man » 28 Gru 2007, 00:20
UA:
Ja jestem ADMINEM.Jest większy problem. Proszę o szybką pomoc. Najprawdopodobniej atakuje mnie jakiś haker. Cały czas mi wywala jakieś okienka. Będę się starał robić screeny i wrzucać na forum.
Dołączam logi
ComboFix 07-12-21.4 - Mateusz P 2007-12-27 23:08:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.572 [GMT 1:00]
Running from: D:\Programy\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mateusz P\Ulubione\Error Cleaner.url
C:\Documents and Settings\Mateusz P\Ulubione\Privacy Protector.url
C:\Documents and Settings\Mateusz P\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\svch0st.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.
2007-12-27 22:55 . 2007-12-27 22:55 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-27 22:46 . 2007-12-27 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-12-27 22:44 . 2007-12-27 22:45 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-27 18:58 . 2007-12-27 18:58 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\AdobeUM
2007-12-27 18:02 . 2007-12-27 11:17 278,528 --a------ C:\WINDOWS\domnftwvmd.dll
2007-12-27 18:02 . 2007-12-27 11:16 270,336 --a------ C:\WINDOWS\alxvdvm.dll
2007-12-27 18:02 . 2007-12-27 11:16 208,896 --a------ C:\WINDOWS\bvtqfvx.dll
2007-12-27 18:02 . 2007-12-27 11:17 200,704 --a------ C:\WINDOWS\emlkdvo.dll
2007-12-27 18:02 . 2007-12-27 11:17 90,112 --a------ C:\WINDOWS\fvkwdrt.exe
2007-12-27 18:01 . 2007-12-27 18:02 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-27 17:52 . 2007-12-27 17:52 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-27 13:31 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys
2007-12-27 13:31 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys
2007-12-27 13:31 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys
2007-12-27 13:29 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys
2007-12-27 13:28 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys
2007-12-27 13:28 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys
2007-12-27 13:28 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys
2007-12-27 13:28 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys
2007-12-27 13:28 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys
2007-12-27 13:28 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys
2007-12-27 13:28 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys
2007-12-27 13:28 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-26 21:43 . 2007-12-27 17:27 <DIR> d-------- C:\Program Files\ImTOO
2007-12-26 20:04 . 2007-12-26 20:04 <DIR> d-------- C:\Program Files\Ares
2007-12-26 18:24 . 2007-12-26 18:24 32 --a------ C:\WINDOWS\go
2007-12-26 11:05 . 2007-12-26 11:05 <DIR> d-------- C:\Program Files\MoorHunt
2007-12-26 11:04 . 2007-12-26 11:04 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-26 11:04 . 2007-12-26 11:04 <DIR> d-------- C:\Program Files\MSBuild
2007-12-26 11:03 . 2007-12-26 11:03 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-26 11:03 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-26 11:01 . 2007-12-26 11:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-26 10:41 . 2007-12-26 10:41 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Canon
2007-12-25 18:22 . 2007-12-25 18:22 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-12-25 18:22 . 2007-12-25 18:22 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2007-12-25 18:22 . 2007-03-23 08:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL
2007-12-25 18:22 . 2007-03-19 02:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL
2007-12-25 18:22 . 2007-03-15 06:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL
2007-12-25 18:22 . 2007-03-23 08:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL
2007-12-25 18:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-25 18:21 . 2007-12-25 18:21 <DIR> d--h----- C:\Program Files\CanonBJ
2007-12-25 16:05 . 2007-12-25 16:05 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-25 16:05 . 2007-12-25 16:05 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-25 16:05 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2007-12-25 16:05 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2007-12-25 16:05 . 2002-11-08 20:04 225,280 --a------ C:\WINDOWS\system32\qtmlClient.dll
2007-12-25 16:05 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2007-12-25 11:15 . 2007-12-25 11:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 10:50 . 2007-12-25 10:50 <DIR> d-------- C:\Program Files\Techland
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-24 22:57 . 2007-12-24 22:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-24 22:49 . 2007-12-24 22:49 <DIR> d-------- C:\Program Files\Lavalys
2007-12-24 22:41 . 2007-12-24 22:41 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-24 22:41 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-12-24 22:41 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-12-24 20:20 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-12-24 20:20 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2007-12-24 20:20 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2007-12-24 20:20 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2007-12-23 22:24 . 2007-12-23 22:24 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-23 20:29 . 2007-12-23 20:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-23 20:29 . 2007-12-23 20:29 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Lavasoft
2007-12-23 16:28 . 2007-12-23 16:28 44,644 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-22 21:53 . 2007-12-22 21:53 <DIR> d-------- C:\Program Files\Google
2007-12-22 00:41 . 2007-12-22 00:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-22 00:41 . 2007-12-22 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-21 21:06 . 2007-12-21 21:16 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-21 20:46 . 2007-12-21 20:46 <DIR> d-------- C:\Program Files\MarBit
2007-12-21 20:30 . 2007-12-21 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-12-21 20:22 . 2007-12-23 20:39 <DIR> d-a------ C:\Program Files\BearShare Applications
2007-12-21 20:22 . 2007-12-22 22:01 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\BearShare
2007-12-21 20:22 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-12-21 18:54 . 2007-12-27 22:51 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\AVG7
2007-12-21 18:54 . 2007-12-21 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2007-12-21 18:54 . 2007-12-27 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-12-20 23:47 . 2007-12-20 23:47 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-20 23:47 . 2007-12-20 23:47 <DIR> d-------- C:\Program Files\CCleaner
2007-12-20 21:47 . 2007-12-20 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2007-12-20 21:47 . 2007-12-20 21:47 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2007-12-20 21:47 . 2007-12-20 21:47 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-12-20 21:47 . 2007-12-20 21:47 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2007-12-20 21:45 . 2007-12-20 21:45 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\InstallShield
2007-12-20 17:22 . 2007-12-20 17:22 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-18 22:09 . 2007-12-18 22:09 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Thunderbird
2007-12-18 22:09 . 2007-12-18 22:09 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Talkback
2007-12-18 21:57 . 2007-12-18 21:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-18 19:28 . 2007-12-27 22:46 <DIR> d-------- C:\Documents and Settings\LocalService\Pulpit
2007-12-17 23:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 23:52 . 2007-12-17 23:53 <DIR> d-------- C:\Program Files\Java
2007-12-17 23:45 . 2007-12-17 23:45 <DIR> d-------- C:\Program Files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 21:24 --------- d-----w C:\Program Files\Deluxe Ski Jump
2007-12-25 15:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-25 09:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 19:20 --------- d-----w C:\Program Files\RALINK
2007-12-24 18:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-20 21:00 1,001,984 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-20 21:00 1,001,984 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-12-20 20:59 350,720 ------r C:\WINDOWS\alcupd.exe
2007-12-20 20:59 252,416 ----a-r C:\WINDOWS\Alcrmv.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Winamp
2007-12-16 17:32 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Apple Computer
2007-11-24 21:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-24 21:20 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-24 21:18 --------- d-----w C:\Program Files\Nero
2007-11-24 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-24 21:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 22:30 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-21 22:29 --------- d-----w C:\Program Files\Usługi online
2007-11-15 20:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-15 15:58 --------- d-----w C:\Program Files\Winamp
2007-11-15 14:08 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-15 13:54 --------- d-----w C:\Program Files\Carbon
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:07 --------- d-----w C:\Program Files\ATI Technologies
2007-11-11 12:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-11 12:03 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-11 12:03 --------- d-----w C:\Program Files\Realtek AC97
2007-11-11 12:03 --------- d-----w C:\Program Files\AvRack
2007-11-11 12:00 --------- d-----w C:\Program Files\VIA
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D10CD11A-4CA6-453A-ABE5-71EA37E1BC45}]
2007-12-27 11:17 278528 --a------ C:\WINDOWS\domnftwvmd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456F-AF86-78C53A0790C5}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}
{8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36}
[HKEY_CLASSES_ROOT\clsid\{8f96eaed-f89e-4b56-89c7-9b9f9c9f3a36}]
[HKEY_CLASSES_ROOT\emlkdvo.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{234BBDA5-7AC3-4DCD-BD11-93B27916CF89}]
[HKEY_CLASSES_ROOT\emlkdvo.ToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 22:50]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 22:46]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-12-24 20:21:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alxvdvm"= {3B475BF3-E813-4173-905D-4BA9E642F630} - C:\WINDOWS\alxvdvm.dll [2007-12-27 11:16 270336]
"bvtqfvx"= {A0D4EC68-2B09-4950-A897-1F26D5E1F8D5} - C:\WINDOWS\bvtqfvx.dll [2007-12-27 11:16 208896]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-12-20 21:47]
S2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" []
S2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe []
S2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []
S2 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-12-20 21:47]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-12-20 21:47]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e29ac05-9a15-11dc-9035-cb0cd1d44cd0}]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20c1b6a4-9394-11dc-94d9-000e2e9ffe36}]
\Shell\Auto\command - F:\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fce01ffd-9a94-11dc-949f-d0117ac2fda7}]
\Shell\Auto\command - J:\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 13:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 23:10:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
C:\WINDOWS\bvtqfvx.dll
C:\Program Files\WinRAR\rarext.dll
C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL
.
Completion time: 2007-12-27 23:11:40 - machine was rebooted
.
2007-12-27 12:40:04 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:02, on 2007-12-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {D10CD11A-4CA6-453A-ABE5-71EA37E1BC45} - C:\WINDOWS\domnftwvmd.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: The emlkdvo - {8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: alxvdvm - {3B475BF3-E813-4173-905D-4BA9E642F630} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {A0D4EC68-2B09-4950-A897-1F26D5E1F8D5} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - Unknown owner - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (file missing)
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Firewall - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
--
End of file - 6428 bytes
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"Ashampoo FireWall" = ""C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\(Default) = (no title provided)
{HKLM...CLSID} = "UrlHelper Class"
\InProcServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{D10CD11A-4CA6-453A-ABE5-71EA37E1BC45}\(Default) = (no title provided)
{HKLM...CLSID} = "BDEX System"
\InProcServer32\(Default) = "C:\WINDOWS\domnftwvmd.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
{HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
{HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
{HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
{HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
{HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
{HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
{HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"alxvdvm" = "{3B475BF3-E813-4173-905D-4BA9E642F630}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\alxvdvm.dll" [null data]
"bvtqfvx" = "{A0D4EC68-2B09-4950-A897-1F26D5E1F8D5}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\bvtqfvx.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
{HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mateusz P\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Mateusz P" & "All Users" startup folders:
-----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ralink Wireless Utility" shortcut to: "C:\Program Files\RALINK\Common\RaUI.exe -s" ["Ralink Technology, Corp."]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 16
%SystemRoot%\system32\mswsock.dll [MS], 06 - 15, 17 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
{HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
{HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}" = (no title provided)
{HKLM...CLSID} = "&Tłumaczenie"
\InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
"{8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36}" = (no title provided)
{HKLM...CLSID} = "The emlkdvo"
\InProcServer32\(Default) = "C:\WINDOWS\emlkdvo.dll" [null data]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
Proszę o szybką pomoc
Dołączam logi
ComboFix 07-12-21.4 - Mateusz P 2007-12-27 23:08:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.572 [GMT 1:00]
Running from: D:\Programy\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mateusz P\Ulubione\Error Cleaner.url
C:\Documents and Settings\Mateusz P\Ulubione\Privacy Protector.url
C:\Documents and Settings\Mateusz P\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\svch0st.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.
2007-12-27 22:55 . 2007-12-27 22:55 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-27 22:46 . 2007-12-27 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-12-27 22:44 . 2007-12-27 22:45 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-27 18:58 . 2007-12-27 18:58 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\AdobeUM
2007-12-27 18:02 . 2007-12-27 11:17 278,528 --a------ C:\WINDOWS\domnftwvmd.dll
2007-12-27 18:02 . 2007-12-27 11:16 270,336 --a------ C:\WINDOWS\alxvdvm.dll
2007-12-27 18:02 . 2007-12-27 11:16 208,896 --a------ C:\WINDOWS\bvtqfvx.dll
2007-12-27 18:02 . 2007-12-27 11:17 200,704 --a------ C:\WINDOWS\emlkdvo.dll
2007-12-27 18:02 . 2007-12-27 11:17 90,112 --a------ C:\WINDOWS\fvkwdrt.exe
2007-12-27 18:01 . 2007-12-27 18:02 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-27 17:52 . 2007-12-27 17:52 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-27 13:31 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys
2007-12-27 13:31 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys
2007-12-27 13:31 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys
2007-12-27 13:29 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys
2007-12-27 13:28 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys
2007-12-27 13:28 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys
2007-12-27 13:28 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys
2007-12-27 13:28 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys
2007-12-27 13:28 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys
2007-12-27 13:28 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys
2007-12-27 13:28 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys
2007-12-27 13:28 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-26 21:43 . 2007-12-27 17:27 <DIR> d-------- C:\Program Files\ImTOO
2007-12-26 20:04 . 2007-12-26 20:04 <DIR> d-------- C:\Program Files\Ares
2007-12-26 18:24 . 2007-12-26 18:24 32 --a------ C:\WINDOWS\go
2007-12-26 11:05 . 2007-12-26 11:05 <DIR> d-------- C:\Program Files\MoorHunt
2007-12-26 11:04 . 2007-12-26 11:04 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-26 11:04 . 2007-12-26 11:04 <DIR> d-------- C:\Program Files\MSBuild
2007-12-26 11:03 . 2007-12-26 11:03 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-26 11:03 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-26 11:01 . 2007-12-26 11:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-26 10:41 . 2007-12-26 10:41 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Canon
2007-12-25 18:22 . 2007-12-25 18:22 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-12-25 18:22 . 2007-12-25 18:22 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2007-12-25 18:22 . 2007-03-23 08:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL
2007-12-25 18:22 . 2007-03-19 02:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL
2007-12-25 18:22 . 2007-03-15 06:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL
2007-12-25 18:22 . 2007-03-23 08:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL
2007-12-25 18:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-25 18:21 . 2007-12-25 18:21 <DIR> d--h----- C:\Program Files\CanonBJ
2007-12-25 16:05 . 2007-12-25 16:05 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-25 16:05 . 2007-12-25 16:05 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-25 16:05 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2007-12-25 16:05 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2007-12-25 16:05 . 2002-11-08 20:04 225,280 --a------ C:\WINDOWS\system32\qtmlClient.dll
2007-12-25 16:05 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2007-12-25 11:15 . 2007-12-25 11:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 10:50 . 2007-12-25 10:50 <DIR> d-------- C:\Program Files\Techland
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-24 23:05 . 2007-12-24 23:05 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-24 22:57 . 2007-12-24 22:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-24 22:49 . 2007-12-24 22:49 <DIR> d-------- C:\Program Files\Lavalys
2007-12-24 22:41 . 2007-12-24 22:41 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-24 22:41 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-12-24 22:41 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-12-24 20:20 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-12-24 20:20 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2007-12-24 20:20 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2007-12-24 20:20 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2007-12-24 20:20 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2007-12-23 22:24 . 2007-12-23 22:24 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-23 20:29 . 2007-12-23 20:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-23 20:29 . 2007-12-23 20:29 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Lavasoft
2007-12-23 16:28 . 2007-12-23 16:28 44,644 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-22 21:53 . 2007-12-22 21:53 <DIR> d-------- C:\Program Files\Google
2007-12-22 00:41 . 2007-12-22 00:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-22 00:41 . 2007-12-22 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-21 21:06 . 2007-12-21 21:16 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-21 20:46 . 2007-12-21 20:46 <DIR> d-------- C:\Program Files\MarBit
2007-12-21 20:30 . 2007-12-21 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-12-21 20:22 . 2007-12-23 20:39 <DIR> d-a------ C:\Program Files\BearShare Applications
2007-12-21 20:22 . 2007-12-22 22:01 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\BearShare
2007-12-21 20:22 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-12-21 18:54 . 2007-12-27 22:51 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\AVG7
2007-12-21 18:54 . 2007-12-21 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2007-12-21 18:54 . 2007-12-27 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-12-20 23:47 . 2007-12-20 23:47 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-20 23:47 . 2007-12-20 23:47 <DIR> d-------- C:\Program Files\CCleaner
2007-12-20 21:47 . 2007-12-20 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2007-12-20 21:47 . 2007-12-20 21:47 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2007-12-20 21:47 . 2007-12-20 21:47 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-12-20 21:47 . 2007-12-20 21:47 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2007-12-20 21:45 . 2007-12-20 21:45 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\InstallShield
2007-12-20 17:22 . 2007-12-20 17:22 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-18 22:09 . 2007-12-18 22:09 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Thunderbird
2007-12-18 22:09 . 2007-12-18 22:09 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Talkback
2007-12-18 21:57 . 2007-12-18 21:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-18 19:28 . 2007-12-27 22:46 <DIR> d-------- C:\Documents and Settings\LocalService\Pulpit
2007-12-17 23:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 23:52 . 2007-12-17 23:53 <DIR> d-------- C:\Program Files\Java
2007-12-17 23:45 . 2007-12-17 23:45 <DIR> d-------- C:\Program Files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 21:24 --------- d-----w C:\Program Files\Deluxe Ski Jump
2007-12-25 15:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-25 09:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 19:20 --------- d-----w C:\Program Files\RALINK
2007-12-24 18:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-20 21:00 1,001,984 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-20 21:00 1,001,984 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-12-20 20:59 350,720 ------r C:\WINDOWS\alcupd.exe
2007-12-20 20:59 252,416 ----a-r C:\WINDOWS\Alcrmv.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-20 20:59 1,001,984 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Winamp
2007-12-16 17:32 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Apple Computer
2007-11-24 21:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-24 21:20 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-24 21:18 --------- d-----w C:\Program Files\Nero
2007-11-24 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-24 21:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 22:30 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-21 22:29 --------- d-----w C:\Program Files\Usługi online
2007-11-15 20:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-15 15:58 --------- d-----w C:\Program Files\Winamp
2007-11-15 14:08 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-15 13:54 --------- d-----w C:\Program Files\Carbon
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:07 --------- d-----w C:\Program Files\ATI Technologies
2007-11-11 12:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-11 12:03 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-11 12:03 --------- d-----w C:\Program Files\Realtek AC97
2007-11-11 12:03 --------- d-----w C:\Program Files\AvRack
2007-11-11 12:00 --------- d-----w C:\Program Files\VIA
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D10CD11A-4CA6-453A-ABE5-71EA37E1BC45}]
2007-12-27 11:17 278528 --a------ C:\WINDOWS\domnftwvmd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456F-AF86-78C53A0790C5}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}
{8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36}
[HKEY_CLASSES_ROOT\clsid\{8f96eaed-f89e-4b56-89c7-9b9f9c9f3a36}]
[HKEY_CLASSES_ROOT\emlkdvo.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{234BBDA5-7AC3-4DCD-BD11-93B27916CF89}]
[HKEY_CLASSES_ROOT\emlkdvo.ToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 22:50]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 22:46]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-12-24 20:21:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alxvdvm"= {3B475BF3-E813-4173-905D-4BA9E642F630} - C:\WINDOWS\alxvdvm.dll [2007-12-27 11:16 270336]
"bvtqfvx"= {A0D4EC68-2B09-4950-A897-1F26D5E1F8D5} - C:\WINDOWS\bvtqfvx.dll [2007-12-27 11:16 208896]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-12-20 21:47]
S2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" []
S2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe []
S2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []
S2 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-12-20 21:47]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-12-20 21:47]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e29ac05-9a15-11dc-9035-cb0cd1d44cd0}]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20c1b6a4-9394-11dc-94d9-000e2e9ffe36}]
\Shell\Auto\command - F:\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fce01ffd-9a94-11dc-949f-d0117ac2fda7}]
\Shell\Auto\command - J:\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 13:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 23:10:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
C:\WINDOWS\bvtqfvx.dll
C:\Program Files\WinRAR\rarext.dll
C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL
.
Completion time: 2007-12-27 23:11:40 - machine was rebooted
.
2007-12-27 12:40:04 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:02, on 2007-12-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {D10CD11A-4CA6-453A-ABE5-71EA37E1BC45} - C:\WINDOWS\domnftwvmd.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: The emlkdvo - {8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: alxvdvm - {3B475BF3-E813-4173-905D-4BA9E642F630} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {A0D4EC68-2B09-4950-A897-1F26D5E1F8D5} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - Unknown owner - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (file missing)
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Firewall - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
--
End of file - 6428 bytes
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"Ashampoo FireWall" = ""C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\(Default) = (no title provided)
{HKLM...CLSID} = "UrlHelper Class"
\InProcServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{D10CD11A-4CA6-453A-ABE5-71EA37E1BC45}\(Default) = (no title provided)
{HKLM...CLSID} = "BDEX System"
\InProcServer32\(Default) = "C:\WINDOWS\domnftwvmd.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
{HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
{HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
{HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
{HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
{HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
{HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
{HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"alxvdvm" = "{3B475BF3-E813-4173-905D-4BA9E642F630}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\alxvdvm.dll" [null data]
"bvtqfvx" = "{A0D4EC68-2B09-4950-A897-1F26D5E1F8D5}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\bvtqfvx.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
{HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
{HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mateusz P\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Mateusz P" & "All Users" startup folders:
-----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ralink Wireless Utility"
shortcut to: "C:\Program Files\RALINK\Common\RaUI.exe -s" ["Ralink Technology, Corp."]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate"
launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 16
%SystemRoot%\system32\mswsock.dll [MS], 06 - 15, 17 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
{HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
{HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}" = (no title provided)
{HKLM...CLSID} = "&Tłumaczenie"
\InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
"{8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36}" = (no title provided)
{HKLM...CLSID} = "The emlkdvo"
\InProcServer32\(Default) = "C:\WINDOWS\emlkdvo.dll" [null data]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
Proszę o szybką pomoc
- mateusz x man
- Aktywny w piśmie
- Posty: 750
- Dołączenie: 09 Cze 2007, 13:15
- Miejscowość: Kielce
- Pochwały: 2
- LucaS
- Zasłużony działacz forum
- Posty: 2820
- Dołączenie: 11 Maj 2006, 21:45
- Pochwały: 7
-
niunka - Zasłużony działacz forum
- Posty: 2410
- Dołączenie: 08 Maj 2005, 15:21
- Miejscowość: Kempten
- Pochwały: 1
- mateusz x man
- Aktywny w piśmie
- Posty: 750
- Dołączenie: 09 Cze 2007, 13:15
- Miejscowość: Kielce
- Pochwały: 2
przez mateusz x man » 28 Gru 2007, 17:25
UA:
Proszę o szybką pomoc.
Zauważyłem że po jednym z tych komunikatów zawsze miga mi na żółto na pasku zadań program AQQ. Możliwe że to jest ze sobą powiązane?[/b]
Zauważyłem że po jednym z tych komunikatów zawsze miga mi na żółto na pasku zadań program AQQ. Możliwe że to jest ze sobą powiązane?[/b]
- mateusz x man
- Aktywny w piśmie
- Posty: 750
- Dołączenie: 09 Cze 2007, 13:15
- Miejscowość: Kielce
- Pochwały: 2
przez 1jaa » 29 Gru 2007, 01:34
UA:
Już po screenach widać, że w kompie syf jak cholera. Zresztą takie przypadki opisywał pp3088 w swoim poradniku http://forum.instalki.pl/viewtopic.php?t=6607
Na wstępie pozbyj się avg bo to żadna ochrona dla Twojego komputera. Sciągnij chociażby noda i przeskanuj kompa
Jak widać Twój avg nie radzi sobie z tym, nod napewno da rade.
Wywal to
Czyli jak już przeczytasz tego mojego posta to zrób tak najpierw wywal to co podałem, a potem noda i nowe logi. Nie zapomnij pozbyć się tego avg!
Na wstępie pozbyj się avg bo to żadna ochrona dla Twojego komputera. Sciągnij chociażby noda i przeskanuj kompa
Jak widać Twój avg nie radzi sobie z tym, nod napewno da rade.
Wywal to
- Kod: Zaznacz wszystko
O21 - SSODL: alxvdvm - {3B475BF3-E813-4173-905D-4BA9E642F630} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {A0D4EC68-2B09-4950-A897-1F26D5E1F8D5} - C:\WINDOWS\bvtqfvx.dll
Czyli jak już przeczytasz tego mojego posta to zrób tak najpierw wywal to co podałem, a potem noda i nowe logi. Nie zapomnij pozbyć się tego avg!
-
1jaa - Zacny pisarz
- Posty: 1151
- Dołączenie: 24 Sty 2006, 21:35
- Pochwały: 2
8 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Bing [Bot]