Maciekk_ Posted 26 June 2008

ComboFix

ComboFix 08-06-20.4 - Maciek 2008-06-26 14:03:59.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1508 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 11:27 . 2008-06-26 11:27 0 --a------ C:\WINNT\nsreg.dat
2008-06-26 06:43 . 2008-06-26 06:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-25 21:36 . 2008-06-14 20:01 273,024 --------- C:\WINNT\system32\drivers\bthport.sys
2008-06-25 21:36 . 2008-06-14 20:01 273,024 -----c--- C:\WINNT\system32\dllcache\bthport.sys
2008-06-25 21:33 . 2007-07-09 15:11 584,192 -----c--- C:\WINNT\system32\dllcache\rpcrt4.dll
2008-06-25 21:31 . 2008-05-08 14:28 202,752 -----c--- C:\WINNT\system32\dllcache\rmcast.sys
2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\WINNT\system32\xircom
2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-25 14:49 . 2008-06-25 14:49 15,544 --a------ C:\WINNT\system32\drivers\sbhr.sys
2008-06-25 14:09 . 2008-06-25 14:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-25 13:01 . 2008-06-25 13:01 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01 0 --a------ C:\WINNT\system32\SBRC.dat
2008-06-25 13:01 . 2008-06-25 13:01 0 --a------ C:\WINNT\system32\SBFC.dat
2008-06-25 13:00 . 2008-06-25 13:00 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-25 12:41 . 2008-06-26 11:09 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:17 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-25 12:41 141,312 --a------ C:\WINNT\system32\drivers\sp_rsdrv2.sys
2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft
2008-06-25 11:11 . 2008-06-25 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-24 22:34 . 2008-06-25 15:15 90,838 --a------ C:\WINNT\system32\phc1c1j0eg03.bmp
2008-06-24 22:34 . 2008-06-25 15:15 60,928 --a------ C:\WINNT\system32\blphc1c1j0eg03.scr
2008-06-24 22:33 . 2008-06-24 22:33 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-06-24 22:33 . 2008-06-24 22:33 1,409 --a------ C:\WINNT\QTFont.for
2008-06-04 15:44 . 2008-06-04 15:44 <DIR> d-------- C:\Soldat
2008-06-03 19:47 . 2008-06-03 19:47 <DIR> d-------- C:\Program Files\Google
2008-06-02 21:32 . 2008-06-02 21:32 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools
2008-05-31 21:21 . 2008-05-31 21:21 0 -ra------ C:\logwmemory.bin
2008-05-31 21:19 . 2008-05-31 21:19 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Soldat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:57 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\AVG7
2008-06-25 09:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 16:01 --------- d-----w C:\Documents and Settings\Beata.LESZEK-4025D4B0\Dane aplikacji\AVG7
2008-06-18 16:47 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2
2008-06-15 14:49 196,608 ----a-w C:\WINNT\system32\drivers\nStandard.bin
2008-05-24 07:44 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll
2008-05-23 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 18:12 --------- d-----w C:\Program Files\Sygate
2008-05-16 21:00 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINNT\system32\quartz.dll
2008-04-21 06:58 669,184 ----a-w C:\WINNT\system32\wininet.dll
2008-04-13 17:28 98,304 ----a-w C:\WINNT\system32\qttask.exe
2008-04-12 11:09 9,309,344 ----a-w C:\winamp5531_full_emusic-7plus_sv-se.exe
2008-04-12 11:05 1,732,834 ----a-w C:\ALLPlayer_[www.instalki.pl].exe
2008-04-10 18:16 6,184,960 ----a-w C:\epson26382eu.exe
2008-04-10 18:10 24,754,048 ----a-w C:\AdbeRdr812_pl_PL.exe
2008-04-09 20:26 499,712 ----a-w C:\WINNT\system32\msvcp71.dll

.
((((((((((((((((((((((((((((( snapshot@2008-06-26_ 9.54.38,35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 07:32:55 2,048 --s-a-w C:\WINNT\bootstat.dat
+ 2008-06-26 11:43:10 2,048 --s-a-w C:\WINNT\bootstat.dat
- 2008-06-26 04:47:05 2,912 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
+ 2008-06-26 08:02:10 2,912 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
- 2007-04-10 12:02:50 1,476,992 ------w C:\WINNT\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINNT\system32\LegitCheckControl.DLL

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 12:41 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Soldat\\Soldat.exe"=
"E:\\cs 1.6\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2008-06-25 14:49]
R1 EIO_XP;EIO_XP;C:\WINNT\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [2008-06-25 12:41]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb.sys [2007-10-23 17:48]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINNT\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys []
R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 axskbus;axskbus;C:\WINNT\system32\DRIVERS\axskbus.sys []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Maciek\USTAWI~1\Temp\cdrmkaun.sys []
S3 mamotou;mamotou;C:\WINNT\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:04:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-26 14:05:23
ComboFix-quarantined-files.txt 2008-06-26 12:05:19
ComboFix2.txt 2008-06-26 10:09:36
ComboFix3.txt 2008-06-26 07:54:52

Pre-Run: 31,008,063,488 bajtów wolnych
Post-Run: 31,009,034,240 bajtów wolnych

130 --- E O F --- 2008-06-26 07:52:26

HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:21, on 2008-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\WgaTray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Maciek\Moje dokumenty\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3263 bytes

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "C:\WINNT\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
  -> {HKLM...CLSID} = "SPTHandler"
     \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [file not found]| [file not found]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
     \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
     \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
     \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Maciek\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
     \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
     \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

I have tried various antivirus programs and so on, but nothing helps. At first, instead of my wallpaper I had a message saying that there is spyware on my computer; after one day that disappeared, but I have further problems:
- The Internet disconnects every so often and I have to reboot the computer.
- When I turn on the computer I get something like this:
- And on the taskbar:
Can this be fixed somehow? PS: Windows is genuine. PS2: please don't write anything complicated, because I'm not very good with computers.
Kolobos Posted 26 June 2008

Scan the system with AVPTool. Delete these two files from the disk:
C:\WINNT\system32\phc1c1j0eg03.bmp
C:\WINNT\system32\blphc1c1j0eg03.scr
As for checking whether Windows is genuine, contact MS.