Avast! + Log


(Kpr2877) #1

Hello,

I have a problem with avast: AVAST! reports viruses (:?) in files that are not infected.

It even detects the program "dzieńdobry!" and others as WIN32:Jeefo.

These "viruses" show up in the resident shield (or whatever it is called).

Below I am posting links to the screenshots:

Please reply.

Thanks in advance :slight_smile:


(Kabul91) #2

It happens to it sometimes. Don't worry about it, but if it detects some unknown file, don't ignore it.


(Asterisk) #3

And what does that have to do with anything - as off-topic ===::> Kosmos


(Kuz5) #4

Paste a HijackThis log


(Kpr2877) #5

Here you go:

Logfile of HijackThis v1.99.1

Scan saved at 21:57:06, on 2003-12-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\svchost.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

C:\Program Files\SurfAccuracy\SAcc.exe

C:\WINDOWS\system32\usrbridg.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\program files\voipcheap\voipcheap.exe

C:\Program Files\NetPanel\NetPanel.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\GADU-G~1\gg.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\ScanPanel\ScnPanel.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

H:\start.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AntiVirenKit\AVKPOP.EXE

C:\Program Files\AntiVirenKit\AVKWCtl.exe

C:\Program Files\AntiVirenKit\AVKService.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\FlashGet\flashget.exe

C:\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Witaj Krzysiu w Hil-Net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000_.EXE" -t

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r 

O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [NetPanel] "C:\Program Files\NetPanel\Starter.exe" /path="C:\Program Files\NetPanel"

O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnets\Overnet.exe -t

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\AntiVirenKit\AVKPOP.EXE"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [VoipCheap] "C:\program files\voipcheap\voipcheap.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d605/mailcfg.ocx

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c567.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB52A0DB-BC50-4C4C-A0C8-5584AD57F83E}: NameServer = 194.204.159.1,80.50.50.50

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe

Now I just have one unknown:

which entry should I remove?


(Gutek) #6
  1. Turn off System Restore in XP HERE

  2. Boot into Safe Mode without networking (described in the link above).

  3. Check the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  4. Delete from the disk the files and folders that I underlined in red

  5. Finish up with online scanners - Scanners to choose from

  6. Show a new log :stuck_out_tongue:


(Kpr2877) #7

I did exactly everything; below is the HijackThis log after carrying out the above steps:

Logfile of HijackThis v1.99.1

Scan saved at 07:54:43, on 2003-12-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVirenKit\AVKService.exe

C:\Program Files\AntiVirenKit\AVKWCtl.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\usrbridg.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\eDonkey2000\edonkey2000_.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

C:\Program Files\Overnets\Overnet.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\NetPanel\NetPanel.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\AntiVirenKit\AVKPOP.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\program files\voipcheap\voipcheap.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\GADU-G~1\gg.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

C:\ScanPanel\ScnPanel.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Witaj Krzysiu w Hil-Net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000_.EXE" -t

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

O4 - HKLM\..\Run: [NetPanel] "C:\Program Files\NetPanel\Starter.exe" /path="C:\Program Files\NetPanel"

O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnets\Overnet.exe -t

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\AntiVirenKit\AVKPOP.EXE"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [VoipCheap] "C:\program files\voipcheap\voipcheap.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d605/mailcfg.ocx

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c567.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB52A0DB-BC50-4C4C-A0C8-5584AD57F83E}: NameServer = 194.204.159.1,80.50.50.50

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
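
Comparing the log from post #5 with the one from post #7 by eye is error-prone. The following added example (not part of the thread and not HijackThis code) parses two logs, lists the entries that disappeared or appeared between them, and flags core Windows process names running outside System32. The function names, the SYSTEM32_ONLY list and the shortened sample logs are assumptions made for the example.

```python
import re
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Assumption for this example: a short hand-picked list of core Windows
# binaries that normally run only from %SystemRoot%\System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

# HijackThis entry lines look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Shortened excerpts built from the logs in posts #5 and #7 of this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum software often inserts blank lines between rows
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def misplaced_system_binaries(processes):
    """Return process paths whose file name is a core Windows binary
    but whose folder is not ...\\System32 (case-insensitive)."""
    hits = []
    for path in processes:
        name = basename(path).lower()
        folder = dirname(path).lower()
        if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            hits.append(path)
    return hits


def diff_entries(before, after):
    """Return (removed, added) entries between two parsed logs, in log order."""
    before_set, after_set = set(before["entries"]), set(after["entries"])
    removed = [e for e in before["entries"] if e not in after_set]
    added = [e for e in after["entries"] if e not in before_set]
    return removed, added


def services_with_missing_file(entries):
    """Return O23 service entries that HijackThis marked '(file missing)'."""
    return [detail for code, detail in entries
            if code == "O23" and detail.endswith("(file missing)")]


if __name__ == "__main__":
    old, new = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("Misplaced system binaries:", misplaced_system_binaries(old["processes"]))
    removed, added = diff_entries(old, new)
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("added:  ", code, "-", detail)
    print("Orphaned services:", services_with_missing_file(new["entries"]))
```
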

(Jacolok) #8

There is still a whole lot of this left

And here are the instructions for deleting the above entries

Check the indicated entries in HijackThis and click Fix checked. The entries will be removed. Of course, do everything in Safe Mode.


And now the instructions for deleting the above entry

Start => Run => type services.msc => stop and disable the Power Manager process, then launch HijackThis Misc Tools => Delete NT service => type PowerManager => OK and restart the computer.


After completing the two steps above

After everything, a new log


I have added to this

Asterisk


(Kpr2877) #9

But what exactly should I remove?? :frowning:


(Asterisk) #10

Everything jacolok wrote

PS

Read it carefully once more - including my additions


(Kuz5) #11

Additionally, remove this as well:

Delete the folder marked in red manually from the disk

Cosmetic cleanup:

Start => Run => type the command msconfig => Startup tab and uncheck:

Control Panel => Java Plug-in => Update => untick Check for updates automatically


(Kpr2877) #12

The problem is that I can't remove this service, because HijackThis says that this program is a system service and cannot be removed. :frowning: :?


(Musg) #13

Turn it off like this:

Start >>> Run >>> cmd and type in this set of commands:

sc stop PowerManager

sc delete PowerManager


(Kpr2877) #14

Thanks, that helped with removing the service, but avast still shows these supposed "viruses" anyway :frowning:

PS. NetPanel is not a virus; it is a program that gets installed when filling out a survey from the company Genius.

Oh, and one more thing

1. Very often I get a message like this:

avasta4hv.th.jpg

I wonder whether this might be related to avast?

2. I get strange e-mails from unknown people, and these e-mails are completely empty. Only the subject says: hey ysiulec.

(Jacolok) #15

Then post a HijackThis log once more and a log from Silent; description: http://www.searchengines.pl/phpbb203/in … opic=15989


(Kpr2877) #16

Here you go:

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:27:06, on 2006-02-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVirenKit\AVKService.exe

C:\Program Files\AntiVirenKit\AVKWCtl.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\usrbridg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\AntiVirenKit\AVKPOP.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\program files\voipcheap\voipcheap.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

C:\ScanPanel\ScnPanel.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Witaj Krzysiu w Hil-Net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000_.EXE" -t

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe

O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnets\Overnet.exe -t

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\AntiVirenKit\AVKPOP.EXE"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [VoipCheap] "C:\program files\voipcheap\voipcheap.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d605/mailcfg.ocx

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB52A0DB-BC50-4C4C-A0C8-5584AD57F83E}: NameServer = 194.204.159.1,80.50.50.50

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe

and from Silent Runners:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [null data]

"VoipCheap" = ""C:\program files\voipcheap\voipcheap.exe" -nosplash -minimized" ["VoipCheap"]

"Dzieńdobry!" = "C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto" ["VSD Software"]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"VoipStunt" = ""C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized" ["VoipStunt"]

"Steam" = ""c:\progra~1\steam\steam.ex" -silent" [file not found]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

"Gadu-Gadu" = ""C:\PROGRA~1\GADU-G~1\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"eDonkey2000" = ""C:\Program Files\eDonkey2000\edonkey2000_.EXE" -t" [null data]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" ["HP"]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]

"Ulead AutoDetector v2" = "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"InCD" = "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" ["Nero AG"]

"WinDVR SchSvr" = ""C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"" ["InterVideo Inc."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]

"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

"PVR Agent" = "C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe" [empty string]

"Overnet" = "C:\Program Files\Overnets\Overnet.exe -t" [empty string]

"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]

"AVK Mail Checker" = ""C:\Program Files\AntiVirenKit\AVKPOP.EXE"" ["G DATA Software AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll" ["Yahoo! Inc."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}" = "OODefrag"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" ["O&O Software GmbH"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E0F285E1-A9F2-4D36-8C30-B706D3FCCEE7}" = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nkwrssk.dll" [null data]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ILLUST~1\DBPOWE~1\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ILLUST~1\DBPOWE~1\dMCShell.dll" [empty string]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{EAE3D640-0259-11d1-9AE0-FB63935FB67D}" = "ZX Spectrum Emulator Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZX Spectrum Emulator\zx32sx.dll" ["$"]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [null data]


HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * OODBS" [file not found], [MS], [file not found], [file not found]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]

OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" ["O&O Software GmbH"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AntiVirenKit\ShellExt.dll" [empty string]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]

OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" ["O&O Software GmbH"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies [Description] {enabled Group Policy setting}:

------------------------------------------------------------


HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

HIJACK WARNING! "HomePage"=dword:00000001 

[disables the Home page field in Internet Options|General (tab)]

{User Configuration|Administrative Templates|Windows Components|

Internet Explorer|Disable changing home page settings}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------


C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Gadu-Gadu" -> shortcut to: "C:\Program Files\Gadu-Gadu\gg.exe" ["Gadu-Gadu Sp. z oo"]

"Google Updater" -> shortcut to: "C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe -systray -startup" [null data]

"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Remote Control" -> shortcut to: "C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe" [empty string]

"ScanPanel" -> shortcut to: "C:\ScanPanel\ScnPanel.exe" [empty string]

"TV Remote Control" -> shortcut to: "C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe" ["Kworld Computer Co., Ltd."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll" ["Yahoo! Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll" ["Yahoo! Inc."]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ = "SideFind"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\SideFind\sidefind.dll" [file not found]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]


{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Utwórz łącze Ulubione dla urządzenia przenośnego..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]


{36ECAF82-3300-8F84-092E-AFF36D6C7040}\

"ButtonText" = "Run WinHTTrack"

"MenuText" = "Launch WinHTTrack"

"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVK Service, AVKService, "C:\Program Files\AntiVirenKit\AVKService.exe" [empty string]

InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]

IrBridge User-Level Interface, USRBRIDG, "C:\WINDOWS\system32\usrbridg.exe" ["Extended Systems, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]

Strażnik AVK, AVKWCtl, "C:\Program Files\AntiVirenKit\AVKWCtl.exe" [empty string]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt06\Driver = "hpzlnt06.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 121 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 50 seconds.

---------- (total run time: 209 seconds)

(Gutek) #17

I don't see anything apart from an overloaded autostart :mrgreen:

Only this: please open the registry editor via Start >>> Run >>> regedit and go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager. There, double-click the BootExecute value and delete everything from the box except autocheck autochk *.
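An added example, not part of the original thread and not Silent Runners' own code: a short Python parser for the Silent Runners lines quoted above. It lists Run-key values whose target is reported as [file not found] and any BootExecute tokens beyond the default autocheck autochk * named in the reply. The sample lines are copied from the report in this thread; the function names are illustrative.

```python
import re

# Excerpt copied from the Silent Runners report posted in this thread.
SAMPLE_REPORT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Steam" = ""c:\progra~1\steam\steam.ex" -silent" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * OODBS" [file not found], [MS], [file not found], [file not found]
'''

# Default BootExecute content, as stated in the reply above.
BOOT_EXECUTE_DEFAULT = "autocheck autochk *"

# A registry key header: HKCU\...\ or HKLM\...\, optionally followed by " {++}".
KEY_RE = re.compile(r'^(HK(?:CU|LM)\\.*\\)(?: \{\+\+\})?$')
# A value line: optional "... WARNING! " prefix, "name" = "data" [tag], [tag]...
VALUE_RE = re.compile(
    r'^(?P<warning>[A-Z]+ WARNING! )?'
    r'"(?P<name>[^"]+)" = "(?P<data>.*)" (?P<tags>\[.*\])$'
)


def parse_report(text):
    """Return one dict per quoted-name value line, tagged with its registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).rstrip("\\")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({
                "key": key,
                "name": m.group("name"),
                "data": m.group("data"),
                "tags": re.findall(r'\[([^\]]*)\]', m.group("tags")),
                "warning": bool(m.group("warning")),
            })
    return entries


def stale_run_entries(entries):
    """Run-key values whose target file the report marks as missing."""
    return [e for e in entries
            if e["key"].lower().endswith(r"\currentversion\run")
            and "file not found" in e["tags"]]


def boot_execute_extras(entries):
    """Tokens in Session Manager\\BootExecute beyond the default value."""
    for e in entries:
        if (e["name"] == "BootExecute"
                and e["key"].lower().endswith(r"\session manager")):
            data = e["data"].strip()
            if data.startswith(BOOT_EXECUTE_DEFAULT):
                return data[len(BOOT_EXECUTE_DEFAULT):].split()
            return data.split()  # default prefix absent: report every token
    return []


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for e in stale_run_entries(parsed):
        print("Run value with missing target:", e["key"], "->", e["name"])
    print("BootExecute extras:", boot_execute_extras(parsed))
```
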


(Kpr2877) #18

And if I may ask, what does deleting everything except aut… achieve?

because there was only “OO…” something there.


(Gutek) #19

It will improve performance - and there should be nothing there - I'm answering in a hurry :mrgreen:


(Musg) #20

That is still a problem :smiley: :smiley: I'm answering in a hurry :mrgreen: :mrgreen: