ComboFix 08-06-20.4 - Maciek 2008-06-26 14:03:59.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1508 [GMT 2:00] Running from: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\ComboFix.exe Command switches used :: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [img]http://www.forum.tweaks.pl/public/style_emoticons/default/excl.gif[/img][/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))) . 2008-06-26 11:27 . 2008-06-26 11:27 0 --a------ C:\WINNT\nsreg.dat 2008-06-26 06:43 . 2008-06-26 06:43 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-06-25 21:36 . 2008-06-14 20:01 273,024 --------- C:\WINNT\system32\drivers\bthport.sys 2008-06-25 21:36 . 2008-06-14 20:01 273,024 -----c--- C:\WINNT\system32\dllcache\bthport.sys 2008-06-25 21:33 . 2007-07-09 15:11 584,192 -----c--- C:\WINNT\system32\dllcache\rpcrt4.dll 2008-06-25 21:31 . 2008-05-08 14:28 202,752 -----c--- C:\WINNT\system32\dllcache\rmcast.sys 2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\WINNT\system32\xircom 2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-06-25 14:49 . 2008-06-25 14:49 15,544 --a------ C:\WINNT\system32\drivers\sbhr.sys 2008-06-25 14:09 . 2008-06-25 14:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-06-25 13:01 . 2008-06-25 13:01 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Sunbelt Software 2008-06-25 13:01 . 2008-06-25 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software 2008-06-25 13:01 . 2008-06-25 13:01 0 --a------ C:\WINNT\system32\SBRC.dat 2008-06-25 13:01 . 2008-06-25 13:01 0 --a------ C:\WINNT\system32\SBFC.dat 2008-06-25 13:00 . 2008-06-25 13:00 <DIR> d-------- C:\Program Files\Sunbelt Software 2008-06-25 12:41 . 2008-06-26 11:09 <DIR> d-------- C:\Program Files\Spyware Terminator 2008-06-25 12:41 . 2008-06-26 11:17 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Spyware Terminator 2008-06-25 12:41 . 2008-06-26 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator 2008-06-25 12:41 . 2008-06-25 12:41 141,312 --a------ C:\WINNT\system32\drivers\sp_rsdrv2.sys 2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Program Files\Lavasoft 2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft 2008-06-25 11:11 . 2008-06-25 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-06-24 22:34 . 2008-06-25 15:15 90,838 --a------ C:\WINNT\system32\phc1c1j0eg03.bmp 2008-06-24 22:34 . 2008-06-25 15:15 60,928 --a------ C:\WINNT\system32\blphc1c1j0eg03.scr 2008-06-24 22:33 . 2008-06-24 22:33 54,156 --ah----- C:\WINNT\QTFont.qfn 2008-06-24 22:33 . 2008-06-24 22:33 1,409 --a------ C:\WINNT\QTFont.for 2008-06-04 15:44 . 2008-06-04 15:44 <DIR> d-------- C:\Soldat 2008-06-03 19:47 . 2008-06-03 19:47 <DIR> d-------- C:\Program Files\Google 2008-06-02 21:32 . 2008-06-02 21:32 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools 2008-05-31 21:21 . 2008-05-31 21:21 0 -ra------ C:\logwmemory.bin 2008-05-31 21:19 . 2008-05-31 21:19 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Soldat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-26 07:57 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\AVG7 2008-06-25 09:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-24 16:01 --------- d-----w C:\Documents and Settings\Beata.LESZEK-4025D4B0\Dane aplikacji\AVG7 2008-06-18 16:47 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2 2008-06-15 14:49 196,608 ----a-w C:\WINNT\system32\drivers\nStandard.bin 2008-05-24 07:44 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll 2008-05-23 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-23 18:12 --------- d-----w C:\Program Files\Sygate 2008-05-16 21:00 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\Winamp 2008-05-08 12:28 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys 2008-05-07 05:03 1,291,776 ----a-w C:\WINNT\system32\quartz.dll 2008-04-21 06:58 669,184 ----a-w C:\WINNT\system32\wininet.dll 2008-04-13 17:28 98,304 ----a-w C:\WINNT\system32\qttask.exe 2008-04-12 11:09 9,309,344 ----a-w C:\winamp5531_full_emusic-7plus_sv-se.exe 2008-04-12 11:05 1,732,834 ----a-w C:\ALLPlayer_[www.instalki.pl].exe 2008-04-10 18:16 6,184,960 ----a-w C:\epson26382eu.exe 2008-04-10 18:10 24,754,048 ----a-w C:\AdbeRdr812_pl_PL.exe 2008-04-09 20:26 499,712 ----a-w C:\WINNT\system32\msvcp71.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-26_ 9.54.38,35 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-26 07:32:55 2,048 --s-a-w C:\WINNT\bootstat.dat + 2008-06-26 11:43:10 2,048 --s-a-w C:\WINNT\bootstat.dat - 2008-06-26 04:47:05 2,912 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin + 2008-06-26 08:02:10 2,912 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin - 2007-04-10 12:02:50 1,476,992 ------w C:\WINNT\system32\LegitCheckControl.dll + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINNT\system32\LegitCheckControl.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-07 07:51 8523776] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 12:41 1817600] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\WINNT\\system32\\sessmgr.exe"= "C:\\Soldat\\Soldat.exe"= "E:\\cs 1.6\\hl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2008-06-25 14:49] R1 EIO_XP;EIO_XP;C:\WINNT\system32\drivers\EIO_XP.sys [2006-06-14 13:44] R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [2008-06-25 12:41] R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb.sys [2007-10-23 17:48] R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINNT\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12] R3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys [] R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2007-10-23 17:48] S3 axskbus;axskbus;C:\WINNT\system32\DRIVERS\axskbus.sys [] S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Maciek\USTAWI~1\Temp\cdrmkaun.sys [] S3 mamotou;mamotou;C:\WINNT\system32\DRIVERS\mamotou.sys [2005-11-07 17:50] *Newly Created Service* - SBAPIFS . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-26 14:04:44 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . Completion time: 2008-06-26 14:05:23 ComboFix-quarantined-files.txt 2008-06-26 12:05:19 ComboFix2.txt 2008-06-26 10:09:36 ComboFix3.txt 2008-06-26 07:54:52 Pre-Run: 31,008,063,488 bajtów wolnych Post-Run: 31,009,034,240 bajtów wolnych 130 --- E O F --- 2008-06-26 07:52:26
HiJack
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:07:21, on 2008-06-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINNT\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINNT\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\WgaTray.exe C:\WINNT\system32\wuauclt.exe C:\WINNT\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Maciek\Moje dokumenty\hjt\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 3263 bytes
SilentRunners
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Gadu-Gadu" = ""C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS] "SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINNT\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [file not found]| [file not found] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINNT\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Maciek\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ FunMultiMediaHandler\ "Provider" = "MultiMedia Manager" "ProgID" = "FUNBOX.Autoplay" HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}" -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2" \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)] MSPlayCDAudioOnArrival\ "Provider" = "ALLPlayer" "InvokeProgID" = "AllPlayerFile" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"] NeroAutoPlay2CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CopyCD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]
Próbowałem różnymi anty wirusami itp. ale nic nie daje. Pierw zamiast tapety miałem informacje o tym, że na moim komputerze jest spyware, po 1 dniu to znikło ale mam kolejne problemy:
-Internet się rozłącza co jakiś czas i trzeba resetować kompute.
-Przy włączaniu komputera pokazuje mi się takie coś:
-A na pasku zadań:
Da to się jakoś naprawić ?
PS windows orginalny.
PS2 prosze o nie pisanie skomplikowanych rzeczy bo się nie znam dobrze na komputerach.