Ad-adware wykrywa dziwne spyware

michal.uszynski · 25 Sierpień 2006 11:56

Siemka ad-adware wykryło mi dziś (skanuje codzień) 100 nowych grożnych zagrożęń , większość 98 to jest BPS SpywareRemover(Indeks TAC:3):92 łącznie referencji nie wiem skąd to sie wzieło nic nie instalowałem może mułek coś złego zassał, możecie mi powiedzieć co to jest iczy usuwająć to niczego dobrego nie strace. pozdr

matio · 25 Sierpień 2006 12:00

najpierw wrzuć logi z hijackthis i silentrunners: http://forum.dobreprogramy.pl/viewtopic.php?t=36654

michal.uszynski · 25 Sierpień 2006 12:14

Logfile of HijackThis v1.99.1 Scan saved at 14:05:08, on 2006-08-25 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\HCOUNT.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\RUNSERVICE.EXE C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE C:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\HPZTSB03.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPLORER 7.0\MONITOR.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE C:\PROGRAM FILES\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta O4 - HKLM…\Run: [selfHostUtil] C:\WINDOWS\selfhost.exe /L O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE O4 - HKLM…\Run: [WinampAgent] “C:\PROGRAM FILES\WINAMP\WINAMPa.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe” -start O4 - HKLM…\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe O4 - HKLM…\Run: [MMTray] “C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe” O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice O4 - HKLM…\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM…\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe O4 - HKLM…\Run: [KonektorTP] “c:\program files\konektortp\konektortp.exe” tray O4 - HKLM…\Run: [bearShare] “C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE” /pause O4 - HKLM…\RunServices: [HiberMonitor] HCount.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM…\RunServices: [LicCtrl] runservice.exe O4 - HKLM…\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service O4 - HKLM…\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKCU…\Run: [Zegarynka] C:\WINDOWS\PROFILES\KRZYSIEK\PULPIT\ZEGARYNKA.EXE O4 - HKCU…\Run: [Zinio DLM] C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Malware Sweeper] C:\PROGRAM FILES\MALWARESWEEPER.COM\MALWARE SWEEPER\MALSWEP.exe /STARTUP O4 - HKCU…\Run: [Dzieñdobry!] C:\PROGRAM FILES\VSD SOFTWARE\DZIEñDOBRY!\DZIENDOBRY.EXE /auto O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - Startup: PowerReg Scheduler.exe O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - User Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - User Startup: PowerReg Scheduler.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l … cfscan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

Złączono Posta : 25.08.2006 (Pią) 14:16

silentrunners nie mam i nie moge zainstalować bo na twardym został 195MB

Złączono Posta : 25.08.2006 (Pią) 14:19

spybot nic nie znalazł

Myszak · 25 Sierpień 2006 12:22

Plik na czerowno z dysku wywalasz. Oczywiście w awaryjnym i z wyłączonym przywracaniem. Wpisy kasujesz Hijackiem.

matio · 25 Sierpień 2006 12:23

przydałby sie log z silentrunners. jeżeli nie masz miejsca, to może wywal jakąś gre, opróżnij kosz… itp.

Myszak · 25 Sierpień 2006 12:25

no i ? ten skrypt ma 292 Kb :?

michal.uszynski · 25 Sierpień 2006 12:26

już instaluje jak wejść do awaryjnego , wiem ze głupie pytanie

matio · 25 Sierpień 2006 12:29

podczas uruchamiania kompa naciskaj F8

michal.uszynski · 25 Sierpień 2006 12:32

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows Me (Millennium Edition) Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Zegarynka” = “C:\WINDOWS\PROFILES\KRZYSIEK\PULPIT\ZEGARYNKA.EXE” [file not found] “Zinio DLM” = “C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart” [file not found] “SpybotSD TeaTimer” = “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”] “Malware Sweeper” = “C:\PROGRAM FILES\MALWARESWEEPER.COM\MALWARE SWEEPER\MALSWEP.exe /STARTUP” [file not found] “Dzieñdobry!” = “C:\PROGRAM FILES\VSD SOFTWARE\DZIEñDOBRY!\DZIENDOBRY.EXE /auto” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “Windows Millennium Edition Intro Video” = “C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta” [file not found] “SelfHostUtil” = “C:\WINDOWS\selfhost.exe /L” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “PCHealth” = “C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s” [MS] “SystemTray” = “SysTray.Exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “WheelMouse” = “C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE” [“A4Tech Co.,Ltd.”] “WinampAgent” = ““C:\PROGRAM FILES\WINAMP\WINAMPa.exe”” [null data] “HPDJ Taskbar Utility” = “C:\WINDOWS\SYSTEM\hpztsb03.exe” [“HP”] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “LWBMOUSE” = “C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe” [empty string] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe” -start” [“InstallShield Software Corporation”] “Ulead Memory Card Detector” = “C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe” [“Ulead Systems, Inc.”] “MMTray” = ““C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”” [“Musicmatch, Inc.”] “MULTIMEDIA KEYBOARD” = “C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe” [“Netropa Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit” [MS] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [","] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe” [“France Télécom R&D”] “Outpost Firewall” = “C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice” [“Agnitum”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] “WinPatrol” = “C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe” [file not found] “KonektorTP” = ““c:\program files\konektortp\konektortp.exe” tray” [file not found] “BearShare” = ““C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE” /pause” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “HiberMonitor” = “HCount.exe” [null data] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “*StateMgr” = “C:\WINDOWS\System\Restore\StateMgr.exe” [MS] “LicCtrl” = “runservice.exe” [null data] “Outpost Firewall” = “C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service” [“Agnitum”] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Active Setup\Installed Components\ PerUser_CVT_Inis(Default) = “Instalator systemu Windows — Konwerter FAT32” \StubPath = “rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRAM FILES\OPENOFFICE.ORG1.1.0\PROGRAM\SHLXTHDL.DLL” [“Sun Microsystems, Inc.”] “{d0e04dfd-9185-49bd-b3a8-cdefa63f810a}” = “Philips RUSH Audio Player (128 MB)Shell Hook” -> {HKLM…CLSID} = “Philips RUSH Audio Player (128 MB)Shell Hook” \InProcServer32(Default) = “PHIL16Ah.dll” [“Copyright © 2003, Koninklijke Philips”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVCPL.DLL” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] “{D3796116-94D3-4009-96D7-51578411CC7D}” = “Outpost Shell Extension” -> {HKLM…CLSID} = “oshdlr.ShellHandler” \InProcServer32(Default) = “C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OSHDLR.DLL” [“Agnitum Ltd.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in “Startup” & “All Users…Startup” folders: ----------------------------------------------------------- C:\WINDOWS\Profiles\krzysiek\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “WinZip Quick Pick” -> shortcut to: “C:\Program Files\WinZip\WZQKPICK.EXE” [“WinZip Computing, Inc.”] “OpenOffice.org 1.1.0” -> shortcut to: “C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe” [null data] INFECTION WARNING! “PowerReg Scheduler.exe” [“4”] Enabled Scheduled Tasks: ------------------------ “Rozpoczêcie aplikacji dostrajania” -> launches: “walign” [MS] “Harmonogram programu PCHealth dla zbierania danych” -> launches: “C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c” [MS] “Konserwacja — programy Defragmentacji” -> launches: “C:\WINDOWS\DEFRAG.EXE /SAGERUN:0” [MS] “Konserwacja — Scandisk” -> launches: “C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N” [MS] “Konserwacja — Porz¹dkowanie dysku” -> launches: “C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [","] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ PostScript Language Monitor\Driver = “PSMON.DLL” [MS] CN16Q6B0JHBH\Driver = “hpzpom03.dll” [“Hewlett-Packard Company”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 18 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 9 seconds. ---------- (total run time: 55 seconds)

Złączono Posta : 25.08.2006 (Pią) 14:34

nie jestem pewien czy go nie obciełem bo pierwszy raz tego używam a tak to co to jest ten PowerReg Scheduler.exe i skąd sie u mnie wziął

Złączono Posta : 25.08.2006 (Pią) 14:36

myszak a te wpisy to mam oba skasować Hijackiem

matio · 25 Sierpień 2006 12:39

wpisy - i.mnoga = 2 wpisy

qiko · 25 Sierpień 2006 12:46

matio91 ,ja nie jestem moderatorem itd,ale przestan gadac takie bzdury z tym liczba mnoga itd!!Albo odinstaluj gre zeby zainstalowac silent runners…bo to jest lekko zenujace…

matio · 25 Sierpień 2006 12:50

pytał sie czy oba wpisy wywalić hijackiem to mu odpowiedziałem

co do wywalenia gry: musiał zwolnić miejsce to mógł wywalić gre, lepiej jak by wywalił c:\windows? :evil:

Myszak · 25 Sierpień 2006 12:57

wpisy Hijackiem. Natomiast plik masz odszkujać i ręcznie wywalić z dysku. Wtedy daj nowe logi.

przestań pociskać farmazony. Napisał, że ma 192 Mb wolnego a SR wymaga 192 Kb. :twisted:

matio · 25 Sierpień 2006 13:27

:mrgreen:

qiko · 25 Sierpień 2006 13:43

matio91 on sie pytal co to jest i skad sie wzial,a nie czy wywalic…bo to czy wywalic to mu myszak napisal.

Interpretacja słów…(trudne zagadnienie)

michal.uszynski · 25 Sierpień 2006 13:50

wklejamloga po usunięciu bo za cholere teraz tych wpisów w logu nie moge znależć - usunąć

Złączono Posta : 25.08.2006 (Pią) 15:51

Logfile of HijackThis v1.99.1 Scan saved at 15:40:59, on 2006-08-25 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\HCOUNT.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\RUNSERVICE.EXE C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE C:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\HPZTSB03.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPLORER 7.0\MONITOR.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta O4 - HKLM…\Run: [selfHostUtil] C:\WINDOWS\selfhost.exe /L O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE O4 - HKLM…\Run: [WinampAgent] “C:\PROGRAM FILES\WINAMP\WINAMPa.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe” -start O4 - HKLM…\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe O4 - HKLM…\Run: [MMTray] “C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe” O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice O4 - HKLM…\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM…\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe O4 - HKLM…\Run: [KonektorTP] “c:\program files\konektortp\konektortp.exe” tray O4 - HKLM…\Run: [bearShare] “C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE” /pause O4 - HKLM…\RunServices: [HiberMonitor] HCount.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM…\RunServices: [LicCtrl] runservice.exe O4 - HKLM…\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service O4 - HKLM…\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKCU…\Run: [Zegarynka] C:\WINDOWS\PROFILES\KRZYSIEK\PULPIT\ZEGARYNKA.EXE O4 - HKCU…\Run: [Zinio DLM] C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Malware Sweeper] C:\PROGRAM FILES\MALWARESWEEPER.COM\MALWARE SWEEPER\MALSWEP.exe /STARTUP O4 - HKCU…\Run: [Dzieñdobry!] C:\PROGRAM FILES\VSD SOFTWARE\DZIEñDOBRY!\DZIENDOBRY.EXE /auto O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - User Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l … cfscan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

Złączono Posta : 25.08.2006 (Pią) 15:52

daje też to drugie i zaraz jeszcze raz przeskanuje ad-adware

Złączono Posta : 25.08.2006 (Pią) 15:53

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows Me (Millennium Edition) Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Zegarynka” = “C:\WINDOWS\PROFILES\KRZYSIEK\PULPIT\ZEGARYNKA.EXE” [file not found] “Zinio DLM” = “C:\PROGRAM FILES\ZINIO\ZINIODELIVERYMANAGER.EXE /autostart” [file not found] “SpybotSD TeaTimer” = “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”] “Malware Sweeper” = “C:\PROGRAM FILES\MALWARESWEEPER.COM\MALWARE SWEEPER\MALSWEP.exe /STARTUP” [file not found] “Dzieñdobry!” = “C:\PROGRAM FILES\VSD SOFTWARE\DZIEñDOBRY!\DZIENDOBRY.EXE /auto” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “Windows Millennium Edition Intro Video” = “C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta” [file not found] “SelfHostUtil” = “C:\WINDOWS\selfhost.exe /L” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “PCHealth” = “C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s” [MS] “SystemTray” = “SysTray.Exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “WheelMouse” = “C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE” [“A4Tech Co.,Ltd.”] “WinampAgent” = ““C:\PROGRAM FILES\WINAMP\WINAMPa.exe”” [null data] “HPDJ Taskbar Utility” = “C:\WINDOWS\SYSTEM\hpztsb03.exe” [“HP”] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “LWBMOUSE” = “C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe” [empty string] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe” -start” [“InstallShield Software Corporation”] “Ulead Memory Card Detector” = “C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe” [“Ulead Systems, Inc.”] “MMTray” = ““C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”” [“Musicmatch, Inc.”] “MULTIMEDIA KEYBOARD” = “C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe” [“Netropa Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit” [MS] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [","] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe” [“France Télécom R&D”] “Outpost Firewall” = “C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice” [“Agnitum”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] “WinPatrol” = “C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe” [file not found] “KonektorTP” = ““c:\program files\konektortp\konektortp.exe” tray” [file not found] “BearShare” = ““C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE” /pause” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “HiberMonitor” = “HCount.exe” [null data] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “*StateMgr” = “C:\WINDOWS\System\Restore\StateMgr.exe” [MS] “LicCtrl” = “runservice.exe” [null data] “Outpost Firewall” = “C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service” [“Agnitum”] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Active Setup\Installed Components\ PerUser_CVT_Inis(Default) = “Instalator systemu Windows — Konwerter FAT32” \StubPath = “rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRAM FILES\OPENOFFICE.ORG1.1.0\PROGRAM\SHLXTHDL.DLL” [“Sun Microsystems, Inc.”] “{d0e04dfd-9185-49bd-b3a8-cdefa63f810a}” = “Philips RUSH Audio Player (128 MB)Shell Hook” -> {HKLM…CLSID} = “Philips RUSH Audio Player (128 MB)Shell Hook” \InProcServer32(Default) = “PHIL16Ah.dll” [“Copyright © 2003, Koninklijke Philips”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVCPL.DLL” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\NVSHELL.DLL” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] “{D3796116-94D3-4009-96D7-51578411CC7D}” = “Outpost Shell Extension” -> {HKLM…CLSID} = “oshdlr.ShellHandler” \InProcServer32(Default) = “C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OSHDLR.DLL” [“Agnitum Ltd.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in “Startup” & “All Users…Startup” folders: ----------------------------------------------------------- C:\WINDOWS\Profiles\krzysiek\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “WinZip Quick Pick” -> shortcut to: “C:\Program Files\WinZip\WZQKPICK.EXE” [“WinZip Computing, Inc.”] “OpenOffice.org 1.1.0” -> shortcut to: “C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe” [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczêcie aplikacji dostrajania” -> launches: “walign” [MS] “Harmonogram programu PCHealth dla zbierania danych” -> launches: “C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c” [MS] “Konserwacja — programy Defragmentacji” -> launches: “C:\WINDOWS\DEFRAG.EXE /SAGERUN:0” [MS] “Konserwacja — Scandisk” -> launches: “C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N” [MS] “Konserwacja — Porz¹dkowanie dysku” -> launches: “C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [","] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ PostScript Language Monitor\Driver = “PSMON.DLL” [MS] CN16Q6B0JHBH\Driver = “hpzpom03.dll” [“Hewlett-Packard Company”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 18 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 9 seconds. ---------- (total run time: 44 seconds)

Złączono Posta : 25.08.2006 (Pią) 15:58

i jak

Myszak · 25 Sierpień 2006 14:04

Ja tu już nic nie widzę

Możesz jeszcze zrobić sobie skany ad-awerem, spybotem lub pestpatrolem.

Ale w logach nic nie widać.

michal.uszynski · 25 Sierpień 2006 14:06

ad-adware nadal to wykrywa: BPS SpywareRemover(Indeks TAC:3):92 łącznie referencji mam to teraz za jego pomocą usunąć

takie coś mi ad-adware pokazuje i tego jest ponad 90 jak narazie mam to w kwarantanie

kuz5 · 25 Sierpień 2006 19:09

Chłopie jeszcze raz zobacze bzdurne posty w twoim wykonaniu, od razu informuje cię że to bedzie ostatni post napisany na tym forum :evil:

A jak narazie otrzymujesz ostrzeżenie za otowanie w działach technicznych :evil: :evil:

michal.uszynski · 25 Sierpień 2006 19:34

kuz 5 ten post to do mnie czy do matio91