SafeGroupBezpieczeństwoPomoc po zainfekowaniu v
Kto mi sprawdzi logi???

Tryby wyświetlania wątku
Kto mi sprawdzi logi???
dawidek11 Offline
Nowicjusz
Liczba postów: 8
Liczba wątków: 2
Dołączył: 05.06.2007
Reputacja: 0
#1
05.06.2007, 18:53
Witam bardzo mi sie komp wiesza jak chce otworzyc IE to czekam z 1 minute moze mam wirusa prosze o sprawdzenie log''ow

log z Silent''a

Cytat:HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"swg" = "CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" ["Google Inc."]
"Gadu-Gadu" = ""CTonguerogram FilesGadu-Gadugg.exe" /tray" ["sms-express.com"]
"MSMSGS" = ""CTonguerogram FilesMessengermsmsgs.exe" /background" [MS]
"STYLEXP" = "CTonguerogram FilesTGTSoftStyleXPStyleXP.exe -Hide" [empty string]
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"Spyware Doctor" = ""CTonguerogram FilesSpyware Doctorswdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (

[Aby zobaczyć linki, zarejestruj się tutaj]

)"]
"NvCplDaemon" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]
"RemoteControl" = ""CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"WinampAgent" = ""CTonguerogram FilesWinampwinampa.exe"" [null data]
"ZoneAlarm Client" = ""CTonguerogram FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"PCSuiteTrayApplication" = ""CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup" ["Nokia"]
"AVP" = ""CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"" ["Kaspersky Lab"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "CTonguerogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
InProcServer32(Default) = "CTongueROGRA~1SPYWAR~1toolsiesdsg.dll" ["PC Tools"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
InProcServer32(Default) = "CTongueROGRA~1SPYWAR~1toolsiesdpb.dll" ["PC Tools"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "D:alkoholALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
-> {HKLM...CLSID} = "My Phones"
InProcServer32(Default) = "CTonguerogram FilesSony EricssonMobileFile Managerfmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
InProcServer32(Default) = "CTonguerogram FilesNokiaNokia PC Suite 6PhoneBrowser.dll" ["Nokia"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "CTonguerogram FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "%APPDATA%WebshotsThe Webshots DesktopWebshots Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "CGrinocuments and SettingsAlbertApplication DataWebshotsThe Webshots DesktopWebshots Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Startup items in "Albert" & "All Users" startup folders:
--------------------------------------------------------

CGrinocuments and SettingsAlbertStart MenuProgramsStartup
"StyleXP" -> shortcut to: "CTonguerogram FilesTGTSoftStyleXPStyleXP.exe" [empty string]
"Webshots" -> shortcut to: "CTonguerogram FilesWebshotsLauncher.exe/t" [null data]

CGrinocuments and SettingsAll UsersStart MenuProgramsStartup
"Adobe Reader Speed Launch" -> shortcut to: "CTonguerogram FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]
"WinZip Quick Pick" -> shortcut to: "D:WinZipWZQKPICK.EXE" ["WinZip Computing, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki ochrony WWW"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki ochrony WWW"

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
InProcServer32(Default) = "CTongueROGRA~1SPYWAR~1toolsiesdpb.dll" ["PC Tools"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "CTonguerogram FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Kaspersky Anti-Virus 6.0, AVP, ""CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "CTonguerogram FilesSpyware Doctorsdhelp.exe" ["PC Tools Research Pty Ltd"]
ProtexisLicensing, ProtexisLicensing, "C:WINDOWSsystem32PSIService.exe" [null data]
ServiceLayer, ServiceLayer, ""CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe"" ["Nokia."]
TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:WINDOWSsystem32svchost.exe -k WudfServiceGroup" {"C:WINDOWSSystem32WUDFSvc.dll" [MS]}


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 78 seconds.
---------- (total run time: 152 seconds


LOG Z HIJACKA

Cytat:Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32PSIService.exe
CTonguerogram FilesSpyware Doctorsdhelp.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMixer.exe
C:WINDOWSsystem32RUNDLL32.EXE
CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe
CTonguerogram FilesWinampwinampa.exe
CTonguerogram FilesZone LabsZoneAlarmzlclient.exe
CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe
CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe
CTonguerogram FilesTGTSoftStyleXPStyleXP.exe
C:WINDOWSsystem32ctfmon.exe
D:WinZipWZQKPICK.EXE
CTonguerogram FilesWebshotswebshots.scr
CTonguerogram FilesGadu-Gadugg.exe
C:WINDOWSsystem32taskmgr.exe
CTonguerogram FilesOperaOpera.exe
CGrinocuments and SettingsAlbertDesktopHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CTonguerogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - CTongueROGRA~1SPYWAR~1toolsiesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - CTongueROGRA~1SPYWAR~1toolsiesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RemoteControl] "CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [WinampAgent] "CTonguerogram FilesWinampwinampa.exe"
O4 - HKLM..Run: [ZoneAlarm Client] "CTonguerogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication] "CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup
O4 - HKLM..Run: [AVP] "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKCU..Run: [swg] CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [Gadu-Gadu] "CTonguerogram FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MSMSGS] "CTonguerogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [STYLEXP] CTonguerogram FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Spyware Doctor] "CTonguerogram FilesSpyware Doctorswdoctor.exe" /Q
O4 - Startup: StyleXP.lnk = CTonguerogram FilesTGTSoftStyleXPStyleXP.exe
O4 - Startup: Webshots.lnk = CTonguerogram FilesWebshotsLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = CTonguerogram FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:WinZipWZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://CTongueROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - CTongueROGRA~1SPYWAR~1toolsiesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CTonguerogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CTonguerogram FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - CTonguerogram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - CTonguerogram FilesSpyware Doctorsdhelp.exe
O23 - Service: ServiceLayer - Nokia. - CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - CTonguerogram FilesTGTSoftStyleXPStyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe


Log z Gmer''a
[code:1]GMER 1.0.12.12244 -

[Aby zobaczyć linki, zarejestruj się tutaj]

Rootkit scan 2007-06-05 21:28:35
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT??C:WINDOWSsystem32driversklif.sysZwClose
SSDTSystemRootSystem32vsdatant.sys ZwConnectPort
SSDTSystemRootSystem32vsdatant.sys ZwCreateFile
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateKey
SSDTa347bus.sys ZwCreatePagingFile
SSDTSystemRootSystem32vsdatant.sys ZwCreatePort
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcess
SSDTSystemRootSystem32vsdatant.sys ZwCreateProcessEx
SSDTSystemRootSystem32vsdatant.sys ZwCreateSection
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateSymbolicLinkObject
SSDT??C:WINDOWSsystem32driversklif.sysZwCreateThread
SSDTSystemRootSystem32vsdatant.sys ZwCreateWaitablePort
SSDTSystemRootSystem32vsdatant.sys ZwDeleteFile
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteKey
SSDT??C:WINDOWSsystem32driversklif.sysZwDeleteValueKey
SSDTSystemRootSystem32vsdatant.sys ZwDuplicateObject
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateKey
SSDT??C:WINDOWSsystem32driversklif.sysZwEnumerateValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwFlushKey
SSDT??C:WINDOWSsystem32driversklif.sysZwInitializeRegistry
SSDTSystemRootSystem32vsdatant.sys ZwLoadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwLoadKey2
SSDTSystemRootSystem32vsdatant.sys ZwMapViewOfSection
SSDT??C:WINDOWSsystem32driversklif.sysZwNotifyChangeKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenFile
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenKey
SSDTSystemRootSystem32vsdatant.sys ZwOpenProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwOpenSection
SSDTSystemRootSystem32vsdatant.sys ZwOpenThread
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryMultipleValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwQuerySystemInformation
SSDT??C:WINDOWSsystem32driversklif.sysZwQueryValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwReplaceKey
SSDTSystemRootSystem32vsdatant.sys ZwRequestWaitReplyPort
SSDT??C:WINDOWSsystem32driversklif.sysZwRestoreKey
SSDT??C:WINDOWSsystem32driversklif.sysZwResumeThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSaveKey
SSDTSystemRootSystem32vsdatant.sys ZwSecureConnectPort
SSDT??C:WINDOWSsystem32driversklif.sysZwSetContextThread
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationFile
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSetInformationProcess
SSDT??C:WINDOWSsystem32driversklif.sysZwSetSecurityObject
SSDTSystemRootSystem32vsdatant.sys ZwSetSystemInformation
SSDTa347bus.sys ZwSetSystemPowerState
SSDT??C:WINDOWSsystem32driversklif.sysZwSetValueKey
SSDT??C:WINDOWSsystem32driversklif.sysZwSuspendThread
SSDTSystemRootSystem32vsdatant.sys ZwTerminateProcess
SSDTSystemRootSystem32vsdatant.sys ZwUnloadDriver
SSDT??C:WINDOWSsystem32driversklif.sysZwUnloadKey
SSDT??C:WINDOWSsystem32driversklif.sysZwWriteVirtualMemory
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[284]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[285]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[286]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[287]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[288]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[289]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[290]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[291]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[292]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[293]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[294]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[295]
SSDT??C:WINDOWSsystem32driversklif.sysSSDT[296]

INT 0x20srescan.sys F72B6A00

Code??C:WINDOWSsystem32driversklif.sysFsRtlCheckLockForReadAccess
Code??C:WINDOWSsystem32driversklif.sysIoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys
? srescan.sys The system cannot find the file specified.
? C:WINDOWSsystem32DRIVERSupdate.sys
? C:WINDOWSTEMPmc253.tmp The system cannot find the file specified.
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess804E9E54 5 BytesJMP EDA64F00 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE738 5 BytesJMP EDA65400 ??C:WINDOWSsystem32driversklif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540CDA 7 BytesJMP EDA683C0 ??C:WINDOWSsystem32driversklif.sys

---- User code sections - GMER 1.0.12 ----

.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32PSIService.exe[284] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32PSIService.exe[284] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32PSIService.exe[284] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesWebshotsWebshots.scr[296] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesWebshotsWebshots.scr[296] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesWebshotsWebshots.scr[296] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesWebshotsWebshots.scr[296] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text CTonguerogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F0E0F5A
.text CTonguerogram FilesSpyware Doctorsdhelp.exe[416] user32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesSpyware Doctorsdhelp.exe[416] GDI32.dll!Escape77F273B4 6 BytesJMP 5F040F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesGadu-Gadugg.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesGadu-Gadugg.exe[528] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text CTonguerogram FilesGadu-Gadugg.exe[528] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32csrss.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32csrss.exe[824] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32csrss.exe[824] KERNEL32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32csrss.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32winlogon.exe[848] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32winlogon.exe[848] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32winlogon.exe[848] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32taskmgr.exe[1052] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSsystem32taskmgr.exe[1052] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32taskmgr.exe[1052] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1228] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1228] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1228] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32svchost.exe[1280] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32svchost.exe[1280] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSsystem32svchost.exe[1280] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32ZoneLabsvsmon.exe[1496] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes[ CD, 20 ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSsystem32spoolsv.exe[1816] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSsystem32spoolsv.exe[1816] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE[1996] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text C:WINDOWSexplorer.exe[3160] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text C:WINDOWSexplorer.exe[3160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text C:WINDOWSexplorer.exe[3160] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text C:WINDOWSexplorer.exe[3160] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE2DAB67C9C8998 4 Bytes[ 20, 03, 4A, 7E ]
.text C:WINDOWSexplorer.exe[3160] SHELL32.dll!StrStrW + FFE34A267C9CF908 4 Bytes[ B0, 02, 4A, 7E ]
.text CTonguerogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesWinampwinampa.exe[3520] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesWinampwinampa.exe[3520] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesWinampwinampa.exe[3520] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesWinampwinampa.exe[3520] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesWinampwinampa.exe[3520] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F160F5A
.text CTonguerogram FilesWinampwinampa.exe[3520] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F08001E
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0B001E
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F05001E
.text CTonguerogram FilesZone LabsZoneAlarmzlclient.exe[3544] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe[3680] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F1A0F5A
.text CTonguerogram FilesTGTSoftStyleXPStyleXP.exe[3772] USER32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F160F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] ntdll.dll!NtTerminateProcess + 47C90E892 2 Bytes[ 0E, 5F ]
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!LoadLibraryExW 7C801AF1 6 BytesJMP 5F070F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessW 7C802332 6 BytesJMP 5F0A0F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!CreateProcessA 7C802367 6 BytesJMP 5F040F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExW7E42DDB5 6 BytesJMP 5F180F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] USER32.dll!SetWindowsHookExA7E4311D1 6 BytesJMP 5F140F5A
.text CGrinocuments and SettingsAlbertDesktopgmer.exe[4168] GDI32.dll!Escape77F273B4 6 BytesJMP 5F100F5A
.text CTonguerogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes[ FF, 25, 1E ]
.text CTonguerogram FilesOperaOpera.exe[5468] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes[ 0E, 5F ]
.text CTonguerogram FilesOperaOpera.exe[5468] kernel32.dll!LoadLibraryExW7C801AF1 6 BytesJMP 5F070F5A
.text CTonguerogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessW7C802332 6 BytesJMP 5F0A0F5A
.text CTonguerogram FilesOperaOpera.exe[5468] kernel32.dll!CreateProcessA7C802367 6 BytesJMP 5F040F5A
.text CTonguerogram FilesOperaOpera.exe[5468] kernel32.dll!FreeLibrary + 157C80ABF3 4 Bytes[ 45, 54, 7F, E2 ]
.text CTonguerogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExW 7E42DDB5 6 BytesJMP 5F180F5A
.text CTonguerogram FilesOperaOpera.exe[5468] user32.dll!SetWindowsHookExA 7E4311D1 6 BytesJMP 5F140F5A
.text CTonguerogram FilesOperaOpera.exe[5468] GDI32.dll!Escape 77F273B4 6 BytesJMP 5F100F5A

---- Devices - GMER 1.0.12 ----

DeviceFileSystemNtfs Ntfs IRP_MJ_READ84533870
DeviceDriverTcpip DeviceIp IRP_MJ_CREATE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLOSE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceIp IRP_MJ_CLEANUP [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CREATE [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLOSE[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_DEVICE_CONTROL [EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_INTERNAL_DEVICE_CONTROL[EDB828A0] vsdatant.sys
DeviceDriverTcpip DeviceTcp IRP_MJ_CLEANUP[EDB828A0] vsdatant.sys
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DIRECTORY_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SHUTDOWN842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_LOCK_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CLEANUP 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_CREATE_MAILSLOT 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_SECURITY842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_POWER 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SYSTEM_CONTROL842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CHANGE 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_QUERY_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_SET_QUOTA 842B7160
DeviceDriverCdrom DeviceCdRom0 IRP_MJ_PNP 842B7160
DeviceFileSystemRdbss DeviceFsWrap IRP_MJ_READ8452FC98
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CREATE_NAMED_PIPE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_CLOSE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_READ842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_WRITE 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_INFORMATION 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_EA842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_FLUSH_BUFFERS 842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION842B7160
DeviceDriverCdrom DeviceCdRom1 IRP_MJ_SET_VOLUME_INFORMATIO
Szukaj
Odpowiedz
Serafin Offline
Użytkownik
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja: 0
#2
07.06.2007, 21:27
Logi są czyste i oba pourywane. wklej je jeszcze raz, ale tym razem mają być całe razem z nagłówkami, tak jak to pokazano

[Aby zobaczyć linki, zarejestruj się tutaj]

i

[Aby zobaczyć linki, zarejestruj się tutaj]

"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
Strona WWW Szukaj
Odpowiedz
dawidek11 Offline
Nowicjusz
Liczba postów: 8
Liczba wątków: 2
Dołączył: 05.06.2007
Reputacja: 0
#3
08.06.2007, 00:07
Cytat: Logfile of HijackThis v1.99.1
Scan saved at 11:43:29 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:WINDOWSMixer.exe
CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32RUNDLL32.EXE
CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32nvsvc32.exe
CTonguerogram FilesWinampwinampa.exe
C:WINDOWSsystem32PSIService.exe
CTonguerogram FilesZone LabsZoneAlarmzlclient.exe
CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe
CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32svchost.exe
CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe
CTonguerogram FilesTGTSoftStyleXPStyleXP.exe
C:WINDOWSsystem32ctfmon.exe
D:WinZipWZQKPICK.EXE
CTonguerogram FilesWebshotswebshots.scr
CTonguerogram FilesGadu-Gadugg.exe
CTonguerogram FilesWindows Media Playerwmplayer.exe
CTonguerogram FilesWebrootSpy SweeperSpySweeperUI.exe
CTonguerogram FilesWebrootSpy SweeperSpySweeper.exe
CTonguerogram FilesWebrootSpy SweeperSSU.EXE
CTonguerogram FilesOperaOpera.exe
CGrinocuments and SettingsAlbertDesktopHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CTonguerogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [C-Media Mixer]Mixer.exe /startup
O4 - HKLM..Run: [NvCplDaemon]"RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz]"nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter]"RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RemoteControl]"CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [WinampAgent]"CTonguerogram FilesWinampwinampa.exe"
O4 - HKLM..Run: [ZoneAlarm Client]"CTonguerogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication]"CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup
O4 - HKLM..Run: [AVP]"CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [!AVG Anti-Spyware]"CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [SpySweeper]"CTonguerogram FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray
O4 - HKCU..Run: [swg]"CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe"
O4 - HKCU..Run: [Gadu-Gadu]"CTonguerogram FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MSMSGS]"CTonguerogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [STYLEXP]"CTonguerogram FilesTGTSoftStyleXPStyleXP.exe" -Hide
O4 - HKCU..Run: [ctfmon.exe]C:WINDOWSsystem32ctfmon.exe
O4 - Startup: StyleXP.lnk = CTonguerogram FilesTGTSoftStyleXPStyleXP.exe
O4 - Startup: Webshots.lnk = CTonguerogram FilesWebshotsLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = CTonguerogram FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:WinZipWZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -

[Aby zobaczyć linki, zarejestruj się tutaj]

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CTonguerogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CTonguerogram FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL]International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - CTonguerogram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: ServiceLayer - Nokia. - CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - CTonguerogram FilesTGTSoftStyleXPStyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - CTonguerogram FilesWebrootSpy SweeperSpySweeper.exe




"Silent Runners.vbs", revision R50,

[Aby zobaczyć linki, zarejestruj się tutaj]

Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"swg" = ""CTonguerogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe"" ["Google Inc."]
"Gadu-Gadu" = ""CTonguerogram FilesGadu-Gadugg.exe" /tray" ["sms-express.com"]
"MSMSGS" = ""CTonguerogram FilesMessengermsmsgs.exe" /background" [MS]
"STYLEXP" = ""CTonguerogram FilesTGTSoftStyleXPStyleXP.exe" -Hide" [empty string]
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (

[Aby zobaczyć linki, zarejestruj się tutaj]

)"]
"NvCplDaemon" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]
"RemoteControl" = ""CTonguerogram FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"WinampAgent" = ""CTonguerogram FilesWinampwinampa.exe"" [null data]
"ZoneAlarm Client" = ""CTonguerogram FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"PCSuiteTrayApplication" = ""CTonguerogram FilesNokiaNokia PC Suite 6LaunchApplication.exe" -startup" ["Nokia"]
"AVP" = ""CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"" ["Kaspersky Lab"]
"!AVG Anti-Spyware" = ""CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SpySweeper" = ""CTonguerogram FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "CTonguerogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "D:alkoholALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
-> {HKLM...CLSID} = "My Phones"
InProcServer32(Default) = "CTonguerogram FilesSony EricssonMobileFile Managerfmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
InProcServer32(Default) = "CTonguerogram FilesNokiaNokia PC Suite 6PhoneBrowser.dll" ["Nokia"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
InProcServer32(Default) = "CTongueROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
InProcServer32(Default) = "CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]
<<!>> WRNotifierDLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "CTonguerogram FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5context.dll" ["GRISOFT s.r.o."]
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5context.dll" ["GRISOFT s.r.o."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]
SpySweeper(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
InProcServer32(Default) = "CTongueROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:WinZiprarext.dll" [null data]
WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "D:WINZIPWZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLMSoftwareClassesAllFilesystemObjectsshellexContextMenuHandlers
SpySweeper(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
InProcServer32(Default) = "CTongueROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "%APPDATA%WebshotsThe Webshots DesktopWebshots Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "CGrinocuments and SettingsAlbertApplication DataWebshotsThe Webshots DesktopWebshots Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Startup items in "Albert" & "All Users" startup folders:
--------------------------------------------------------

CGrinocuments and SettingsAlbertStart MenuProgramsStartup
"StyleXP" -> shortcut to: "CTonguerogram FilesTGTSoftStyleXPStyleXP.exe" [empty string]
"Webshots" -> shortcut to: "CTonguerogram FilesWebshotsLauncher.exe/t" [null data]

CGrinocuments and SettingsAll UsersStart MenuProgramsStartup
"Adobe Reader Speed Launch" -> shortcut to: "CTonguerogram FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]
"WinZip Quick Pick" -> shortcut to: "D:WinZipWZQKPICK.EXE" ["WinZip Computing, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%system32mswsock.dll [MS] , 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS] , 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki ochrony WWW"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki ochrony WWW"

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "CTonguerogram FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "CTonguerogram FilesGrisoftAVG Anti-Spyware 7.5guard.exe" ["GRISOFT s.r.o."]
Kaspersky Anti-Virus 6.0, AVP, ""CTonguerogram FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""CTonguerogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
ProtexisLicensing, ProtexisLicensing, "C:WINDOWSsystem32PSIService.exe" [null data]
ServiceLayer, ServiceLayer, ""CTonguerogram FilesPC Connectivity SolutionServiceLayer.exe"" ["Nokia."]
TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, "CTonguerogram FilesWebrootSpy SweeperSpySweeper.exe" ["Webroot Software, Inc."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:WINDOWSsystem32svchost.exe -k WudfServiceGroup" {"C:WINDOWSSystem32WUDFSvc.dll" [MS] }


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 94 seconds.
---------- (total run time: 174 seconds)
Szukaj
Odpowiedz
Serafin Offline
Użytkownik
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja: 0
#4
08.06.2007, 11:17
Jest ok, poczytaj:

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]


Możesz jeszcze preskanować

[Aby zobaczyć linki, zarejestruj się tutaj]

po update.
"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
Strona WWW Szukaj
Odpowiedz
dawidek11 Offline
Nowicjusz
Liczba postów: 8
Liczba wątków: 2
Dołączył: 05.06.2007
Reputacja: 0
#5
13.11.2011, 11:28
bodek napisał(a):Jest ok, poczytaj:

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]


Możesz jeszcze preskanować

[Aby zobaczyć linki, zarejestruj się tutaj]

po update.



Aha dzieki :wink:
Szukaj
Odpowiedz


Skocz do:


Użytkownicy przeglądający ten wątek: 2 gości