misiek2

User
  • Content count: 1
  • Registered
  • Last visit

Hello, would a gentleman ;) be found to help a lady locate any weeds in the log below? Thank you :) Regards, Magda

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:34, on 07/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ntvdm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Program Files\Java\jdk1.6.0_12\bin\javaw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Mcafee\MWL\MwlGui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\McAfee\MQC\QcConsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\PWN\WSPWNOUP2006\SPWNOUP.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
F3 - REG:win.ini: load=c:\slowni~1\watch.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - D:\Sun\SDK\lib\appservService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia JRun Admin Server (JRun Admin) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe
O23 - Service: Macromedia JRun Default Server (JRun Default) - Macromedia Inc. - D:\JRun4\bin\jrunsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: MySQL - Unknown owner - C:\MySQL5.1\bin\mysqld-nt (file missing)
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 8492 bytes

Silent Runners:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"DAEMON Tools Lite" = ""D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"MWLExe" = "C:\Program Files\Mcafee\MWL\MWLGuiSt.exe" ["McAfee, Inc."]
"McENUI" = "C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide" ["McAfee, Inc."]
"mcagent_exe" = "C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\(Default) = "McAntiPhishingBHO"
  -> {HKLM...CLSID} = "McAfee Phishing Filter"
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\MSK\mcapbho.dll" ["McAfee, Inc."]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
  -> {HKLM...CLSID} = "scriptproxy"
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."]
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "McAfee SiteAdvisor BHO"
                   \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{ecdee021-0d17-467f-a1ff-c7a115230949}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
  -> {HKLM...CLSID} = "Monitor Class"
                   \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" = "DropboxExt"
  -> {HKLM...CLSID} = "DropboxExt"
                   \InProcServer32\(Default) = "e:\Dropbox\DropboxExt.dll" ["Evenflow, Inc."]
"{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" = "DropboxExt"
  -> {HKLM...CLSID} = "DropboxExt"
                   \InProcServer32\(Default) = "e:\Dropbox\DropboxExt.dll" ["Evenflow, Inc."]
"{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" = "DropboxExt"
  -> {HKLM...CLSID} = "DropboxExt"
                   \InProcServer32\(Default) = "e:\Dropbox\DropboxExt.dll" ["Evenflow, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  -> {HKLM...CLSID} = "DropboxExt"
                   \InProcServer32\(Default) = "e:\Dropbox\DropboxExt.dll" ["Evenflow, Inc."]
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
  -> {HKLM...CLSID} = "CtxMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcctxmnu.dll" ["McAfee, Inc."]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
  -> {HKLM...CLSID} = "Notepad++"
                   \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  -> {HKLM...CLSID} = "DropboxExt"
                   \InProcServer32\(Default) = "e:\Dropbox\DropboxExt.dll" ["Evenflow, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
  -> {HKLM...CLSID} = "CtxMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcctxmnu.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\rebel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

NeroAutoPlay9AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.exe /Dialog:SaveTracks %L" [file not found]

NeroAutoPlay9CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" [file not found]

NeroAutoPlay9CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" [file not found]

NeroAutoPlay9DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc" [file not found]

NeroAutoPlay9RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.exe /Dialog:SaveTracks %L" [file not found]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "D:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
  -> {HKLM...CLSID} = "RealNetworks Scheduler"
                   \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = ""d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = ""d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

WIA_{449584F0-CC14-477D-88F0-6E9C54FDADCA}\
"Provider" = "Picasa3"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{6FFDAED1-F0CF-46C5-8215-7DFE65FFA7CD}\
"Provider" = "Picasa3"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;D:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "rebel" & "All Users" startup folders:
-------------------------------------------------------

C:\Users\rebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"SDK Tray Menu" -> shortcut to: "D:\Program Files\Java\jdk1.6.0_12\bin\javaw.exe -Xms2m -Dadmin.port=4848 -cp "D:\Sun\SDK\lib\jdic\jdic.jar;D:\Sun\SDK\lib\install\tray\tray.jar;D:\Sun\SDK\lib\appserv-rt.jar;." Tray" ["Sun Microsystems, Inc."]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Monitor Apache Servers" -> shortcut to: "C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe" ["Apache Software Foundation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 31


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" = "McAfee SiteAdvisor"
  -> {HKLM...CLSID} = "McAfee SiteAdvisor Toolbar"
                   \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}" = "free-downloads.net Toolbar"
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{1B6A4510-F6D7-491C-AAB2-0B8B3FE82C9D}\(Default) = "free-downloads.net Findbar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm" [null data]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{ecdee021-0d17-467f-a1ff-c7a115230949}" = (no title provided)
  -> {HKLM...CLSID} = "free-downloads.net Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\free-downloads.net\tbfree.dll" ["Conduit Ltd."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache Tomcat, Tomcat6, ""D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6" ["Apache Software Foundation"]
Apache2.2, Apache2.2, ""C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice" ["Apache Software Foundation"]
Application Management, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}
Bluetooth Support Service, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
McAfee Network Agent, McNASvc, ""c:\program files\common files\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]
McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, ""C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"" ["McAfee, Inc."]
McAfee SpamKiller Service, MSK80Service, ""C:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee, Inc."]
McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]
McAfee Wireless Network Security Service, MWLSvc, "C:\Program Files\Mcafee\MWL\MwlSvc.exe" ["McAfee, Inc."]
MySQL, MySQL, ""C:\MySQL5.1\bin\mysqld-nt" --defaults-file="C:\MySQL5.1\my.ini" MySQL" [null data]
Secure Socket Tunneling Protocol Service, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
SunJavaSystemAppserver9PE, AppServer9PE, "D:\Sun\SDK\lib\appservService.exe "\"D:\Sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"D:\Sun\SDK\bin\asadmin.bat\" stop-domain domain1\"" [null data]
Windows Backup, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}


---------- (launch time: 2009-06-07 12:20:00)
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 175 seconds, including 18 seconds for message boxes)