Skocz do zawartości
Geoorg

Proszę O Sprawdzenie Loga Z Cobofix I Hjt Oraz Silent Runners

Przez Geoorg, w Centrum Bezpieczeństwa

Rekomendowane odpowiedzi

Geoorg Newbie

Geoorg

Opublikowano
Opublikowano

Proszę o sprawdzenie loga ComboFix i HJT, Silent Runners

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log ComboFix"
ComboFix 08-11-11.01 - Przemek 2008-11-12 18:36:58.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.666 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Przemek\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Przemek\Pulpit\WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

* Utworzono nowy punkt przywracania

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ffaadfbcb_z.dll

 

.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-12 do 2008-11-12 )))))))))))))))))))))))))))))))

.

 

2008-11-05 13:02 . 2008-11-05 13:02 <DIR> d-------- c:\program files\jv16 PowerTools 2008

2008-11-05 13:02 . 2008-11-05 13:02 23 --a------ c:\windows\system32\faefcd6_z.ocx

2008-11-02 20:28 . 2008-11-02 20:28 0 --a------ c:\windows\system32\cid_store.dat

2008-11-02 20:20 . 2008-11-12 18:14 <DIR> d-------- c:\documents and settings\Przemek\Dane aplikacji\MxBoost

2008-11-02 20:18 . 2008-11-02 20:21 <DIR> d-------- c:\program files\Maxthon2

2008-11-01 14:56 . 2008-11-01 15:48 2,042 --a------ c:\windows\system32\tmp.reg

2008-11-01 14:54 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-11-01 14:54 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-11-01 14:54 . 2008-09-08 22:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe

2008-11-01 14:54 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe

2008-11-01 14:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe

2008-11-01 14:54 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe

2008-11-01 14:54 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe

2008-11-01 14:54 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe

2008-11-01 14:54 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe

2008-11-01 14:54 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe

2008-11-01 14:54 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe

2008-10-31 20:25 . 2008-10-31 20:25 <DIR> d-------- c:\program files\Panda Security

2008-10-31 20:25 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-10-31 15:01 . 2008-10-31 15:01 <DIR> d-------- c:\program files\Trend Micro

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-28 01:05 --------- d-----w c:\documents and settings\Przemek\Dane aplikacji\Skype

2008-11-12 18:08 10,704,928 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-11-12 17:33 --------- d-----w c:\program files\Neostrada TP

2008-11-12 17:20 128,888 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-11-11 14:20 3,619,840 ----a-w c:\windows\Internet Logs\xDB1.tmp

2008-11-11 14:20 1,939,968 ----a-w c:\windows\Internet Logs\xDB2.tmp

2008-11-06 12:29 --------- d-----w c:\documents and settings\Przemek\Dane aplikacji\ZoomBrowser EX

2008-11-02 17:40 25,992 ----a-w c:\windows\system32\pgdfgsvc.exe

2008-11-02 16:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ashampoo

2008-11-01 14:11 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-01 10:57 --------- d-----w c:\program files\Eraser

2008-10-27 13:54 --------- d-----w c:\documents and settings\Przemek\Dane aplikacji\Ahead

2008-10-11 12:55 --------- d-----w c:\documents and settings\Przemek\Dane aplikacji\skypePM

2008-10-09 09:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2008-09-17 17:30 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2008-09-16 16:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-09-16 16:17 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)

2008-09-14 19:52 --------- d--h--w c:\program files\InstallShield Installation Information

2008-09-14 19:52 --------- d-----w c:\program files\Avanquest update

2008-09-14 19:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-14 19:50 --------- d-----w c:\program files\Sony Ericsson

2008-09-14 19:50 --------- d-----w c:\documents and settings\Przemek\Dane aplikacji\InstallShield

2008-09-14 19:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson

2008-09-14 19:46 --------- d-----w c:\program files\Common Files\Teleca Shared

2008-01-17 16:32 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-02 160592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]

"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]

"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]

"SMSERIAL"="sm56hlpr.exe" [2005-04-07 c:\windows\sm56hlpr.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c7d61f8-f6bb-11dc-a2cb-0014a50ea024}]

\Shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5046acb0-734c-11dd-b531-000e50b273de}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

.

------- Skan uzupełniający -------

.

FireFox -: Profile - c:\documents and settings\Przemek\Dane aplikacji\Mozilla\Firefox\Profiles\ti7bsmti.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://profil.wp.pl/login.html?url=http%3A%2F%2Fpoczta.wp.pl%2Findex.html%3Fflg%3D1&serwis=nowa_poczta_wp&ticaid=15053&_ticrsn=3

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 19:04:55

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

Czas ukończenia: 2008-11-12 19:17:53

ComboFix-quarantined-files.txt 2008-11-12 18:17:17

ComboFix2.txt 2008-10-31 17:25:02

 

Przed: 1,829,949,440 bajtów wolnych

Po: 1,877,135,360 bajtów wolnych

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log HijackThis"
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:22, on 2008-11-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pasek Narzędzi RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Personalizuj Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Wypełnij Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Zapisz Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197829254234

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...373/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2774C82D-89D8-4C81-9B7C-9D27EEAC84F1}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{2774C82D-89D8-4C81-9B7C-9D27EEAC84F1}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9771 bytes

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log z Silent Runners"
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"RoboForm" = ""C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"" ["Siber Systems"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]

"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

"DefragTaskBar" = ""C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"" [null data]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{724d43a9-0d85-11d4-9908-00400523e39a}\(Default) = "RoboForm"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems Inc."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"

-> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"

\InProcServer32\(Default) = "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"

-> {HKLM...CLSID} = "ZLAVShExt Class"

\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]

 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]| [file not found]| [file not found]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

-> {HKLM...CLSID} = "ZLAVShExt Class"

\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\Eraser\erasext.dll" ["-"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

-> {HKLM...CLSID} = "ZLAVShExt Class"

\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

 

 

Default executables:

--------------------

 

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

CanonCW50PicturesOnArrival\

"Provider" = "Canon CameraWindow"

"InvokeProgID" = "Cw50.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowMC\CameraLauncherMC.exe" [null data]

 

CanonZB4PicturesOnArrival\

"Provider" = "ZoomBrowser EX"

"InvokeProgID" = "Zb.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY ""%1"""" [empty string]

 

NeroAutoPlay7AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

 

NeroAutoPlay7CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD" ["Nero AG"]

 

NeroAutoPlay7CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

 

NeroAutoPlay7DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc" ["Nero AG"]

 

NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

 

NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

 

NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

 

NeroAutoPlay7RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

 

NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

 

NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "/New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"

-> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"

\InProcServer32\(Default) = "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

"{724D43A0-0D85-11D4-9908-00400523E39A}"

-> {HKLM...CLSID} = "&RoboForm"

\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{724D43A0-0D85-11D4-9908-00400523E39A}"

-> {HKLM...CLSID} = "&RoboForm"

\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems Inc."]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"

-> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"

\InProcServer32\(Default) = "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{724D43A0-0D85-11D4-9908-00400523E39A}" = (no title provided)

-> {HKLM...CLSID} = "&RoboForm"

\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems Inc."]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)

-> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"

\InProcServer32\(Default) = "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\SOFTWARE\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\SOFTWARE\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\SOFTWARE\Classes\CLSID\{916C1EF1-CA89-4F1B-AFDA-3CA85BD0F831}\(Default) = "ZoneAlarm PopBlocker"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

 

{320AF880-6646-11D3-ABEE-C5DBF3571F46}\

"ButtonText" = "Wypełnij pola"

"MenuText" = "Wypełnij Pola"

"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html" [file not found]

 

{320AF880-6646-11D3-ABEE-C5DBF3571F49}\

"ButtonText" = "Zapisz"

"MenuText" = "Zapisz Pola"

"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html" [file not found]

 

{724D43AA-0D85-11D4-9908-00400523E39A}\

"ButtonText" = "RoboForm"

"MenuText" = "Pasek Narzędzi RoboForm"

"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html" [file not found]

 

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ashampoo Defrag Service, AshampooDefragService, "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe" [" "]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]

Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2008-11-12 20:41:15)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 79 seconds, including 16 seconds for message boxes)

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach

Dołącz do dyskusji

Możesz dodać zawartość już teraz a zarejestrować się później. Jeśli posiadasz już konto, zaloguj się aby dodać zawartość za jego pomocą.

Gość
Dodaj odpowiedź do tematu...

×   Wklejono zawartość z formatowaniem.   Przywróć formatowanie

  Dozwolonych jest tylko 75 emoji.

×   Odnośnik został automatycznie osadzony.   Przywróć wyświetlanie jako odnośnik

×   Przywrócono poprzednią zawartość.   Wyczyść edytor

×   Nie możesz bezpośrednio wkleić grafiki. Dodaj lub załącz grafiki z adresu URL.

Ładowanie
×
Tematy
×
×
  • Dodaj nową pozycję...