Avast detects viruses but does not remove them


(matiit) #1

As in the subject line.

(The log and the problem belong to a friend of a friend)

# Logfile of HijackThis v1.99.1

# Scan saved at 19:22:36, on 2007-04-05

# Platform: Windows XP (WinNT 5.01.2600)

# MSIE: Internet Explorer v6.00 (6.00.2600.0000)

#  

# Running processes:

# C:\WINDOWS\System32\smss.exe

# C:\WINDOWS\system32\winlogon.exe

# C:\WINDOWS\system32\services.exe

# C:\WINDOWS\system32\lsass.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\System32\svchost.exe

# C:\WINDOWS\system32\spoolsv.exe

# C:\WINDOWS\Explorer.EXE

# C:\WINDOWS\System32\svchost.exe

# C:\WINDOWS\soundman.exe

# C:\WINDOWS\System32\RUNDLL32.EXE

# C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

# C:\PROGRA~1\NEOSTR~1\CnxMon.exe

# C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

# C:\windows\system32\uvnx.exe

# C:\WINDOWS\System32\ctfmon.exe

# C:\PROGRA~1\WapSter\AQQ\AQQ.exe

# C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

# C:\FRAPS\FRAPS.EXE

# C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

# C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

# C:\WINDOWS\ATKKBService.exe

# C:\Program Files\Alwil Software\Avast4\ashServ.exe

# C:\PROGRA~1\CACHEM~1\CachemanXP.exe

# C:\WINDOWS\System32\nvsvc32.exe

# C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

# C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

# C:\PROGRA~1\NEOSTR~1\ComComp.exe

# C:\PROGRA~1\NEOSTR~1\Watch.exe

# C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Pulpit\HijackThis.exe

#  

# R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

# R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

# O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

# O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

# O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# O4 - HKLM\..\Run: [SoundMan] soundman.exe

# O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

# O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

# O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

# O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

# O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

# O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

# O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

# O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

# O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

# O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvnx.exe

# O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

# O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

# O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

# O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

# O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

# O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

# O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

# O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

# O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

# O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

# O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

# O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

# O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

# O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1847A0-A773-4D42-9026-ED489558CFF7}: NameServer = 194.204.159.1 217.98.63.164

# O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

# O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

# O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

# O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

# O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

# O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

# O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

# O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

(adam9870) #2

Use Windows Worms Doors Cleaner and switch the markers from disable to enable (all markers should be green; if any of them is yellow, leave it as it is). A restart is required after using the tool.

Download KillBox, select Delete on reboot, and paste these paths into the full path of file field:

c:\windows\system32\uvnx.exe

C:\WINDOWS\System32\rpcc.dll

After pasting each path separately, click the red X, but agree to the restart only after pasting the last one.

Remove the HJT entries.

When that is done, please post a new HijackThis log plus one from SilentRunners.
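
The before/after comparison that the reply above asks for can be scripted. The following is an added example, not part of the thread: it parses two HijackThis logs, tolerating the "# " prefix this page puts on each log line, and reports which entries and processes disappeared between them. The function names are illustrative, and the two sample logs are short excerpts of lines taken from the 19:22:36 log above and the 20:37:47 log posted later in the thread.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code: "O4 - ...", "R3 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (process Counter, {normalised entry: original entry}) for one log."""
    procs, entries = Counter(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):            # forum rendering prefix seen on this page
            line = line[1:].strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_procs = False                # first entry line ends the process list
            entries[" ".join(line.lower().split())] = line
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            procs[line.lower()] += 1        # Windows paths are case-insensitive
    return procs, entries

def diff_logs(before, after):
    """What changed between two scans of the same machine."""
    procs_b, ent_b = parse_hjt(before)
    procs_a, ent_a = parse_hjt(after)
    return {
        "entries_removed": [ent_b[k] for k in ent_b if k not in ent_a],
        "entries_added": [ent_a[k] for k in ent_a if k not in ent_b],
        "processes_gone": dict(procs_b - procs_a),   # counts, so one svchost less shows up
        "processes_new": dict(procs_a - procs_b),
    }

def residual_hits(targets, log_text):
    """Processes and entries in a log that still reference any targeted file."""
    wanted = [t.lower() for t in targets]
    procs, entries = parse_hjt(log_text)
    hits = [p for p in procs if any(w in p for w in wanted)]
    hits += [line for key, line in entries.items() if any(w in key for w in wanted)]
    return hits

# Excerpt of the 19:22:36 log from this thread (not the full log).
BEFORE = r"""
# Logfile of HijackThis v1.99.1
# Scan saved at 19:22:36, on 2007-04-05
#
# Running processes:
# C:\WINDOWS\system32\svchost.exe
# C:\WINDOWS\System32\svchost.exe
# C:\WINDOWS\Explorer.EXE
# C:\WINDOWS\System32\svchost.exe
# C:\windows\system32\uvnx.exe
# C:\WINDOWS\System32\ctfmon.exe
#
# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvnx.exe
# O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
# O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
# O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Excerpt of the 20:37:47 log from this thread (not the full log).
AFTER = r"""
# Logfile of HijackThis v1.99.1
# Scan saved at 20:37:47, on 2007-04-05
#
# Running processes:
# C:\WINDOWS\system32\svchost.exe
# C:\WINDOWS\System32\svchost.exe
# C:\WINDOWS\Explorer.EXE
# C:\WINDOWS\System32\ctfmon.exe
#
# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# The two paths the reply says to queue for deletion.
TARGETS = [r"c:\windows\system32\uvnx.exe", r"C:\WINDOWS\System32\rpcc.dll"]

if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for kind, items in changes.items():
        print(kind)
        for item in items:
            print("   ", item)
    print("still referenced after cleanup:", residual_hits(TARGETS, AFTER))
```

An empty result from `residual_hits` only shows that the targeted files no longer appear at the launch points HijackThis enumerates.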


(matiit) #3
# Logfile of HijackThis v1.99.1

# Scan saved at 20:37:47, on 2007-04-05

# Platform: Windows XP (WinNT 5.01.2600)

# MSIE: Internet Explorer v6.00 (6.00.2600.0000)

#  

# Running processes:

# C:\WINDOWS\System32\smss.exe

# C:\WINDOWS\system32\winlogon.exe

# C:\WINDOWS\system32\services.exe

# C:\WINDOWS\system32\lsass.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\System32\svchost.exe

# C:\WINDOWS\system32\spoolsv.exe

# C:\WINDOWS\Explorer.EXE

# C:\WINDOWS\soundman.exe

# C:\WINDOWS\System32\RUNDLL32.EXE

# C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

# C:\PROGRA~1\NEOSTR~1\CnxMon.exe

# C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

# C:\WINDOWS\System32\ctfmon.exe

# C:\PROGRA~1\WapSter\AQQ\AQQ.exe

# C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

# C:\FRAPS\FRAPS.EXE

# C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

# C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

# C:\WINDOWS\ATKKBService.exe

# C:\Program Files\Alwil Software\Avast4\ashServ.exe

# C:\PROGRA~1\CACHEM~1\CachemanXP.exe

# C:\WINDOWS\System32\nvsvc32.exe

# C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

# C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

# C:\PROGRA~1\NEOSTR~1\ComComp.exe

# C:\PROGRA~1\NEOSTR~1\Watch.exe

# C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Pulpit\HijackThis.exe

#  

# R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

# R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

# O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

# O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

# O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

# O4 - HKLM\..\Run: [SoundMan] soundman.exe

# O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

# O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

# O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

# O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

# O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

# O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

# O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

# O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

# O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

# O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

# O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

# O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

# O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

# O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

# O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

# O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

# O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

# O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

# O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

# O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1847A0-A773-4D42-9026-ED489558CFF7}: NameServer = 194.204.159.1 217.98.63.164

# O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

# O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

# O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

# O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

# O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

# O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

# O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#

# "Silent Runners.vbs", revision R50, http://www.silentrunners.org/

# Operating System: Windows XP

# Output limited to non-default values, except where indicated by "{++}"

#  

#  

# Startup items buried in registry:

# ---------------------------------

#  

# HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

# "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

# "AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]

# "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

# "Fraps" = "C:\FRAPS\FRAPS.EXE" ["Beepa P/L"]

#  

# HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

# "SoundMan" = "soundman.exe" ["Avance Logic, Inc."]

# "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

# "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

# "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

# "DownloadAccelerator" = ""C:\Program Files\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]

# "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

# "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

# "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

# "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

# "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

# "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

#  

# HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

# {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

# -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

# {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

# -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

#  

# HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

# "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

# -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

# \InProcServer32\(Default) = "deskpan.dll" [file not found]

# "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

# -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

# \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

# "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

# -> {HKLM...CLSID} = "DesktopContext Class"

# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

# "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

# -> {HKLM...CLSID} = "NVIDIA CPL Extension"

# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

# "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

# -> {HKLM...CLSID} = "Desktop Explorer"

# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

# "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

# -> {HKLM...CLSID} = (no title provided)

# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

# "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

# -> {HKLM...CLSID} = "nView Desktop Context Menu"

# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

# "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

# "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

# -> {HKLM...CLSID} = "avast"

# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

# "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

# -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

# "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

# -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

# "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

# -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

#  

# HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

# {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

# -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

# {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

# -> {HKLM...CLSID} = "PDF Shell Extension"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

#  

# HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

# -> {HKLM...CLSID} = "avast"

# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

# Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

# -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

# -> {HKLM...CLSID} = "DAPMenuShellExt Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

# HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

# -> {HKLM...CLSID} = "DAPMenuShellExt Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

# HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

# -> {HKLM...CLSID} = "avast"

# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

#  

# Group Policies {GPedit.msc branch and setting}:

# -----------------------------------------------

#  

# Note: detected settings may not have any effect.

#  

# HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

#  

# "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

# {unrecognized setting}

#  

# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

#  

# "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

# Shutdown: Allow system to be shut down without having to log on}

#  

# "undockwithoutlogon" = (REG_DWORD) hex:0x00000001

# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

# Devices: Allow undock without having to log on}

#  

#  

# Active Desktop and Wallpaper:

# -----------------------------

#  

# Active Desktop may be disabled at this entry:

# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

#  

# Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

# HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

#  

# Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

# HKCU\Control Panel\Desktop\

# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

#  

#  

# Enabled Screen Saver:

# ---------------------

#  

# HKCU\Control Panel\Desktop\

# "SCRNSAVE.EXE" = "C:\WINDOWS\SQUAD1~1.SCR" (Squad 1024x768.scr) [empty string]

#  

#  

# Startup items in "Admin" & "All Users" startup folders:

# -------------------------------------------------------

#  

# C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart

# "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

# "Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]

# "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

#  

#  

# Winsock2 Service Provider DLLs:

# -------------------------------

#  

# Namespace Service Providers

#  

# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

# 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

# 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

# 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

#  

# Transport Service Providers

#  

# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

# 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

# %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

# %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

#  

#  

# Toolbars, Explorer Bars, Extensions:

# ------------------------------------

#  

# Toolbars

#  

# HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

#  

# HKLM\Software\Microsoft\Internet Explorer\Toolbar\

# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

#  

# Explorer Bars

#  

# HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

#  

# HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

# HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

# HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

#  

# Miscellaneous IE Hijack Points

# ------------------------------

#  

# HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

# <> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*d" (unwritable string)

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

# <> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

# -> {HKLM...CLSID} = "Search Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

#  

#  

# Running Services (Display Name, Service Name, Path {Service DLL}):

# ------------------------------------------------------------------

#  

# ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]

# avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

# avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

# avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

# CachemanXP, CachemanXPService, "C:\PROGRA~1\CACHEM~1\CachemanXP.exe" ["OuterTechnologies"]

# NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

# Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

#  

#  

# ----------

# <>: Suspicious data at a browser hijack point.

#  

# + This report excludes default entries except where indicated.

# + To see *everywhere* the script checks and *everything* it finds,

# launch it from a command prompt or a shortcut with the -all parameter.

# + To search all directories of local fixed drives for DESKTOP.INI

# DLL launch points, use the -supp parameter or answer "No" at the

# first message box and "Yes" at the second message box.

# ---------- (total run time: 109 seconds, including 17 seconds for message boxes)

Post merged: 05.04.2007 (Thu) 22:05


# -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

# "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

# -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

#  

# HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

# {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

# -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

# {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

# -> {HKLM...CLSID} = "PDF Shell Extension"

# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

#  

# HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

# -> {HKLM...CLSID} = "avast"

# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

# Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

# -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

# -> {HKLM...CLSID} = "DAPMenuShellExt Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

# HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

# -> {HKLM...CLSID} = "DAPMenuShellExt Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

# HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

# -> {HKLM...CLSID} = "avast"

# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

# -> {HKLM...CLSID} = "WinRAR"

# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

#  

#  

# Group Policies {GPedit.msc branch and setting}:

# -----------------------------------------------

#  

# Note: detected settings may not have any effect.

#  

# HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

#  

# "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

# {unrecognized setting}

#  

# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

#  

# "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

# Shutdown: Allow system to be shut down without having to log on}

#  

# "undockwithoutlogon" = (REG_DWORD) hex:0x00000001

# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

# Devices: Allow undock without having to log on}

#  

#  

# Active Desktop and Wallpaper:

# -----------------------------

#  

# Active Desktop may be disabled at this entry:

# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

#  

# Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

# HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

#  

# Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

# HKCU\Control Panel\Desktop\

# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

#  

#  

# Enabled Screen Saver:

# ---------------------

#  

# HKCU\Control Panel\Desktop\

# "SCRNSAVE.EXE" = "C:\WINDOWS\SQUAD1~1.SCR" (Squad 1024x768.scr) [empty string]

#  

#  

# Startup items in "Admin" & "All Users" startup folders:

# -------------------------------------------------------

#  

# C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart

# "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

# "Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]

# "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

#  

#  

# Winsock2 Service Provider DLLs:

# -------------------------------

#  

# Namespace Service Providers

#  

# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

# 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

# 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

# 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

#  

# Transport Service Providers

#  

# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

# 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

# %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

# %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

#  

#  

# Toolbars, Explorer Bars, Extensions:

# ------------------------------------

#  

# Toolbars

#  

# HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

#  

# HKLM\Software\Microsoft\Internet Explorer\Toolbar\

# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

#  

# Explorer Bars

#  

# HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

#  

# HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

# HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

# HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

#  

#  

# Miscellaneous IE Hijack Points

# ------------------------------

#  

# HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

# <> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*d" (unwritable string)

# -> {HKLM...CLSID} = "Yahoo! Toolbar"

# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

# <> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

# -> {HKLM...CLSID} = "Search Class"

# \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

#  

#  

# Running Services (Display Name, Service Name, Path {Service DLL}):

# ------------------------------------------------------------------

#  

# ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]

# avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

# avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

# avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

# CachemanXP, CachemanXPService, "C:\PROGRA~1\CACHEM~1\CachemanXP.exe" ["OuterTechnologies"]

# NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

# Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

#  

#  

# ----------

# <>: Suspicious data at a browser hijack point.

#  

# + This report excludes default entries except where indicated.

# + To see *everywhere* the script checks and *everything* it finds,

# launch it from a command prompt or a shortcut with the -all parameter.

# + To search all directories of local fixed drives for DESKTOP.INI

# DLL launch points, use the -supp parameter or answer "No" at the

# first message box and "Yes" at the second message box.

# ---------- (total run time: 109 seconds, including 17 seconds for message boxes)

(adam9870) #4

It's OK now.

I suggest installing Service Pack 2. It improves system security, adds new functionality, etc. You can download it from here:

Cosmetic cleanup:

Start => Run => msconfig => Startup tab => you can uncheck the above-mentioned items.

If you don't use advanced text services, turn them off: Control Panel => Regional Options => Languages => Details => Advanced => check "Turn off advanced text services".

In the instant messenger's options you can disable launching at system startup if you don't need it.

Start => Programs => Startup => delete via right-click.

I suggest removing the Neostrada access application and configuring the connection manually.

http://forum.dobreprogramy.pl/viewtopic.php?t=91864