caesarpl
(Caesarpl)
29 August 2007 15:08
#1
While scanning the disk, Avast Pro detected several trojans and adware. I would be grateful if someone could check the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:51, on 2007-08-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Netia\Net\netianet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{5F8C4884-35D7-4024-9A48-7BADA990D633}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

– End of file - 7395 bytes
Gutek
(Gutek)
29 August 2007 16:25
#2
Can you give the location?
Download SDFix
caesarpl
(Caesarpl)
29 August 2007 17:25
#3
“Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Czarek\USTAWI~1\Temp\is-OC6MB.tmp\VVSNInst.exe” file.
“Win32:Adware-gen. [Adw]” has been found in “D:\System Volume Information_restore{224C1C11-5054-47AF-B336-038697661BCC}\RP31\A0003824.exe$INSTDIR\SetupDTSB.exe\VVSN.exe” file.
“Win32:Spyware-gen. [Trj]” has been found in “D:\System Volume Information_restore{224C1C11-5054-47AF-B336-038697661BCC}\RP31\A0003824.exe$INSTDIR\SetupDTSB.exe” file.
“Win32:Delf-FPB [Trj]” has been found in “D:\System Volume Information_restore{2DD5C9CA-F7A1-49D1-A403-88DB68F3100A}\RP136\A0024306.exe” file.
“Win32:Agent-AWB [Adw]” has been found in “D:\System Volume Information_restore{643C7979-3806-4E64-9284-EB6766F2F4AC}\RP78\A0010098.exe$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe” file.
“Win32:Trojan-gen. {VC}” has been found in “D:\System Volume Information_restore{B1633F4E-BB3E-4595-960D-630006BF56CD}\RP78\A0009178.exe” file.
“Win32:Agent-AWB [Adw]” has been found in “D:\System Volume Information_restore{F7B9112B-F65C-4481-8956-4F3531BC6BE7}\RP35\A0002759.exe$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSaveNow_Installer.exe” file.
“Win32:Adware-gen. [Adw]” has been found in “D:\System Volume Information_restore{F7B9112B-F65C-4481-8956-4F3531BC6BE7}\RP35\A0002759.exe$INSTDIR\SetupDTSB.exe” file.
“Win32:Agent-AWB [Adw]” has been found in “D:\System Volume Information_restore{F7B9112B-F65C-4481-8956-4F3531BC6BE7}\RP38\A0003292.exe$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe” file.
SDFix log:
SDFix: Version 1.100
Run by Czarek on 2007-08-29 at 19:07
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting…

Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files…

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook”
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote”
“D:\GRY\LP EC\LostPlanetDx9.exe”=“D:\GRY\LP EC\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9”
“C:\Program Files\Bit Lord 1.1\BitLord.exe”=“C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord”
“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny”
“C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl”
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000"
“C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe”=“C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup”
“C:\Documents and Settings\Czarek\Ustawienia lokalne\Temp\Nero Web\SetupXu.exe”=“C:\Documents and Settings\Czarek\Ustawienia lokalne\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup”
“D:\GRY\Steam\Steam.exe”=“D:\GRY\Steam\Steam.exe:*:Enabled:Steam Client”
“C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe”=“C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:PowerDVD”
“D:\GRY\CM DIRT\DiRT.exe”=“D:\GRY\CM DIRT\DiRT.exe:*:Enabled:DiRT Executable”
“D:\GRY\GRAW2\Ghost Recon Advanced Warfighter 2\graw2.exe”=“D:\GRY\GRAW2\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced WarfighterR 2”
“D:\GRY\GRAW2\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe”=“D:\GRY\GRAW2\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced WarfighterR 2 Dedicated Server”
“D:\GRY\Steam\steamapps\szpakiewicz\counter-strike\hl.exe”=“D:\GRY\Steam\steamapps\szpakiewicz\counter-strike\hl.exe:*:Enabled:Half-Life Launcher”
“D:\GRY\R6 VEGAS\Binaries\R6Vegas_Game.exe”=“D:\GRY\R6 VEGAS\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game”
“D:\GRY\Instinct\instinct.exe”=“D:\GRY\Instinct\instinct.exe:*:Enabled:ds2main”
“D:\GRY\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe”=“D:\GRY\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game”
“D:\GRY\Steam\steamapps\szpakiewicz\counter-strike source\hl2.exe”=“D:\GRY\Steam\steamapps\szpakiewicz\counter-strike source\hl2.exe:*:Enabled:hl2”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
“D:\GRY\Test Drive Unlimited\TestDriveUnlimited.exe”=“D:\GRY\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”=”%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000"

Remaining Files:
---------------

Files with Hidden Attributes:
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished
DSS log:
Deckard’s System Scanner v20070826.66
Run by Czarek on 2007-08-29 19:12:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

– HijackThis (run as Czarek.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:56, on 2007-08-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Netia\Net\netianet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Czarek\Pulpit\Firefox Download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Czarek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

– End of file - 7182 bytes

– Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 19:06:48 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 16:41:59 0 d-------- C:\Program Files\Trend Micro
2007-08-29 11:54:49 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-29 11:54:47 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll http://www.helixcommunity.org ; Helix YV12 YUV Codec>
2007-08-29 11:54:47 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-29 11:54:47 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-29 11:54:46 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-29 11:54:46 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-29 11:54:45 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-29 11:54:45 740442 --a------ C:\WINDOWS\system32\divx.dll
2007-08-29 11:54:43 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-08-27 08:19:31 0 d-------- C:\WINDOWS\pss
2007-08-24 08:31:23 0 d-------- C:\Program Files\SiteAdvisor
2007-08-24 08:24:58 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-24 08:24:58 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-24 08:24:58 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-24 08:24:58 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-24 08:24:58 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-24 08:24:55 0 d-------- C:\Program Files\Trojan Remover

– Find3M Report ---------------------------------------------------------------

2007-08-29 16:41:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 11:56:14 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Media Player Classic
2007-08-29 11:54:43 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Real
2007-08-26 15:29:54 0 dr-h----- C:\Documents and Settings\Czarek\Dane aplikacji\SecuROM
2007-08-26 15:17:40 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-26 01:13:22 0 d-------- C:\Program Files\SpeedFan
2007-08-25 20:20:09 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\InstallShield
2007-08-25 10:18:14 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Skype
2007-08-24 16:03:01 0 d–h----- C:\Program Files\InstallShield Installation Information
2007-08-24 08:56:36 0 d-------- C:\Program Files\AGEIA Technologies
2007-08-24 08:31:36 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\SiteAdvisor
2007-08-24 08:24:55 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Simply Super Software
2007-08-24 08:21:14 0 d-------- C:\Program Files\Java
2007-07-14 20:27:29 0 d-------- C:\Program Files\Lavalys
2007-07-11 11:01:05 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-07-11 11:01:05 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-07-10 23:45:55 0 d-------- C:\Program Files\Winamp
2007-07-10 16:51:14 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-10 16:51:14 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-10 16:51:14 0 d-------- C:\Program Files\OpenAL
2007-07-10 01:21:27 0 d-------- C:\Program Files\MarBit
2007-07-09 17:22:02 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Ace
2007-07-09 00:59:17 0 d-------- C:\Program Files\WinAVI Video Converter
2007-07-08 23:28:11 53248 --a------ C:\WINDOWS\system32\apache.dll
2007-07-07 12:48:21 0 d-------- C:\Program Files\Common Files
2007-07-06 19:33:32 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\CyberLink
2007-07-05 17:55:08 0 d-------- C:\Program Files\Common Files\Logitech
2007-07-05 17:55:07 0 d-------- C:\Program Files\Logitech
2007-07-05 14:46:50 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-04 20:08:26 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Apple Computer
2007-07-04 20:05:43 0 d-------- C:\Program Files\QuickTime
2007-07-04 18:04:12 0 d-------- C:\Program Files\Skype
2007-07-04 18:00:11 0 d-------- C:\Program Files\Common Files\Skype
2007-07-04 16:43:47 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Sun
2007-07-04 16:43:04 1277 --a------ C:\WINDOWS\mozver.dat
2007-07-04 16:40:49 0 d-------- C:\Program Files\Common Files\Java
2007-07-03 15:14:20 0 d-------- C:\Program Files\Windows Defender
2007-07-03 15:08:48 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-03 14:13:40 0 d-------- C:\Program Files\MSXML 4.0
2007-07-02 22:23:14 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Ahead
2007-07-02 19:56:29 0 d-------- C:\Program Files\CyberLink
2007-07-02 19:47:51 0 d-------- C:\Program Files\Nero
2007-07-02 19:41:33 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Tlen.pl
2007-07-02 19:40:51 0 d-------- C:\Program Files\Tlen.pl
2007-07-02 19:35:14 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-02 19:27:53 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Gadu-Gadu
2007-07-02 19:27:02 0 d-------- C:\Program Files\Gadu-Gadu
2007-07-02 18:53:07 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-02 18:53:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-02 18:52:38 62 --ahs---- C:\Documents and Settings\Czarek\Dane aplikacji\desktop.ini
2007-07-02 18:43:46 0 d-------- C:\Program Files\Bit Lord 1.1
2007-07-02 18:38:59 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Macromedia
2007-07-02 18:30:43 0 d-------- C:\Program Files\Messenger
2007-07-02 17:45:00 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Adobe
2007-07-02 17:44:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-02 17:35:57 0 d-------- C:\Program Files\Alwil Software
2007-07-02 17:30:22 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Talkback
2007-07-02 17:30:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-02 17:30:17 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Mozilla
2007-07-02 17:28:44 0 d-------- C:\Program Files\Netia
2007-07-02 17:26:30 0 d-------- C:\Program Files\Microsoft Works
2007-07-02 17:26:26 0 d-------- C:\Program Files\MSBuild
2007-07-02 17:22:41 0 d-------- C:\Program Files\DAEMON Tools
2007-07-02 17:17:02 0 d-------- C:\Program Files\SAGEM
2007-07-02 17:10:07 0 d-------- C:\Program Files\Realtek AC97
2007-07-02 17:06:05 0 d-------- C:\Documents and Settings\Czarek\Dane aplikacji\Identities
2007-07-02 17:01:54 0 d-------- C:\Program Files\microsoft frontpage
2007-07-02 17:01:49 0 -rahs---- C:\MSDOS.SYS
2007-07-02 17:01:49 0 -rahs---- C:\IO.SYS
2007-07-02 17:01:49 0 --a------ C:\CONFIG.SYS
2007-07-02 17:01:49 0 --a------ C:\AUTOEXEC.BAT
2007-07-02 17:00:53 0 d–h----- C:\Program Files\WindowsUpdate
2007-07-02 17:00:50 0 d-------- C:\Program Files\Usługi online
2007-07-02 16:59:54 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-02 16:59:44 0 d-------- C:\Program Files\Movie Maker
2007-07-02 16:59:14 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-02 16:58:35 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-02 16:58:24 0 d-------- C:\Program Files\Windows NT

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-04-19 13:26]
“nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]
“NETIANET”=“C:\Program Files\Netia\Net\netianet.exe” [2007-07-09 16:37]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-04-19 13:26]
“TrojanScanner”=“C:\Program Files\Trojan Remover\Trjscan.exe” [2007-08-07 13:02]
“SiteAdvisor”=“C:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [2007-03-30 17:42]
“Ad-Watch”=“C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe” []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 19:03]
“Steam”="" []
“EVEREST AutoStart”=“C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe” [2007-04-05 00:00]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“NETIANET”=C:\Program Files\Netia\Net\netianet.exe
“DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-02 17:17:06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“C:\Program Files\QuickTime\qttask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e4df153-28ba-11dc-8a48-806d6172696f}]
AutoRun\command- E:\Autorun.exe

*Newly Created Service* - EVERESTDRIVER

– End of Deckard’s System Scanner: finished at 2007-08-29 19:13:16 ------------
Gutek
(Gutek)
29 August 2007 17:48
#4
Open Notepad and paste this into it:
File >>> Save As >>> change the extension from TXT to All Files >>> save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + Autostart optimization
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can run through the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php
See - Using jv16 PowerTools