Guest: slawas
IP: 82.139.21.*
20.10.05, 05:55
* DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\wznstrm.dll Thu 2005-10-20 4:15:28 ..S.R
234 098 228,61 K
C:\WINDOWS\SYSTEM32\dud8.dll Thu 2005-10-20 4:13:16 ..S.R
234 098 228,61 K
C:\WINDOWS\SYSTEM32\mmrepl40.dll Thu 2005-10-20 0:14:50 ..S.R
234 736 229,23 K
C:\WINDOWS\SYSTEM32\siobject.dll Thu 2005-10-20 1:29:48 ..S.R
236 317 230,78 K
C:\WINDOWS\SYSTEM32\rxgapi.dll Thu 2005-10-20 0:30:02 ..S.R
234 736 229,23 K
C:\WINDOWS\SYSTEM32\mrang.dll Thu 2005-10-20 2:34:38 ..S.R
234 098 228,61 K
C:\WINDOWS\SYSTEM32\imxmontr.dll Thu 2005-10-20 2:45:40 ..S.R
234 098 228,61 K
C:\WINDOWS\SYSTEM32\lv0s09~1.dll Thu 2005-10-20 2:32:50 ..S.R
236 317 230,78 K
________________________________________________
1 331 items found: 1 331 files (8 H/S), 0 directories.
Total of file sizes: 267 256 936 bytes 254,88 M
Administrator Account = True
--------------------End log---------------------
"Silent Runners.vbs", revision 36, www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"RoboForm" = ""C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"" ["Siber Systems"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs LLC"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [null data]
"Cobian Backup 7 Interface" = ""C:\Program Files\Cobian Backup 7\cobui.exe" -service" ["Luis Cobian"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
"{4C061DFE-76C1-4FE8-A5D7-A49E083F7CA0}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mrang.dll" [null data]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Tmas\sshook.dll" ["Trend Micro Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Tmas\sshook.dll" ["Trend Micro Incorporated"]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Enabled Wallpaper and Active Desktop:
-------------------------------------
Active Desktop is disabled.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"
Startup items in "slawas2001" & "All Users" startup folders:
------------------------------------------------------------
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {CLSID}\(Default) = "&RoboForm"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {CLSID}\(Default) = "&RoboForm"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {CLSID}\(Default) = "&RoboForm"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
-> {CLSID}\(Default) = "&Y