Mógłby ktoś to sprawdzić?
I sillent runners
@down
Czy mi się zdaje czy ty na siłe wrzucasz logi?
btw nie graj w tibie...
Kod:
Logfile of HijackThis v1.99.1
Scan saved at 14:27:46, on 2007-07-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe
C:Program FilesOperaOpera.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:Documents and SettingsAdminPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://www.neostrada.pl[/url]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1taskbaricon.exe
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLMSystemCCSServicesTcpip..{5CCC0E4F-3985-453B-BC7C-997ED086DC98}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
I sillent runners
Kod:
"Silent Runners.vbs", revision R50, [url]http://www.silentrunners.org/[/url]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]
HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]
"HP Software Update" = "C:Program FilesHPHP Software UpdateHPWuSchd2.exe" ["Hewlett-Packard Co."]
"ZoneAlarm Client" = ""C:Program FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"AVP" = ""C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"" ["Kaspersky Lab"]
"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [file not found]
"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1taskbaricon.exe" [file not found]
"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" [file not found]
"adiras" = "adiras.exe" [null data]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]
HKLMSoftwareClasses*shellexContextMenuHandlers
HexWorkshopContextMenu(Default) = "{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}"
-> {HKLM...CLSID} = "Hex Workshop Shell Extension"
InProcServer32(Default) = "C:Program FilesBreakPoint SoftwareHex Workshop 4.2hwext.dll" ["BreakPoint Software, Inc."]
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp"
Enabled Screen Saver:
---------------------
HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]
Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------
C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"DSLMON" -> shortcut to: "C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe" [empty string]
"HP Digital Imaging Monitor" -> shortcut to: "C:Program FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Co."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E
ntries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En
tries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]
HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]
HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]
HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki ochrony WWW"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki ochrony WWW"
Miscellaneous IE Hijack Points
------------------------------
HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Kaspersky Anti-Virus 6.0, AVP, ""C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r" ["Kaspersky Lab"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]
Print Monitors:
---------------
HKLMSystemCurrentControlSetControlPrintMonitors
HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12Driver = "hpzlnt12.dll" ["HP"]
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 101 seconds.
---------- (total run time: 148 seconds)
@down
Czy mi się zdaje czy ty na siłe wrzucasz logi?
btw nie graj w tibie...