It's like this: my computer sometimes freezes, and in general it often catches some trojans, and I don't know what to do about it. Could you help me with what to do with this log? Please help, I'd really appreciate it.
Post merged: 24.08.2006 (Thu) 11:40
Please help
First paste the log here so that we can help you… and besides, write a little more carefully and use Polish characters…
Logfile of HijackThis v1.99.1
Scan saved at 13:27:58, on 2006-08-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAMY\avast antivirus\aswUpdSv.exe
D:\PROGRAMY\avast antivirus\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAMY\avast antivirus\ashWebSv.exe
D:\PROGRAMY\avast antivirus\ashMaiSv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
D:\PROGRAMY\daemon tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRAMY\AVASTA~1\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMY\gadugadu\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRAMY\nero\Nero StartSmart\NeroStartSmart.exe
D:\PROGRAMY\nero\nero\nero.exe
C:\WINDOWS\System32\imapi.exe
D:\PROGRAMY\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM…\Run: [CloneCDTray] “D:\PROGRAMY\CloneCD\CloneCDTray.exe” /s
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [DAEMON Tools] “D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM…\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [avast!] D:\PROGRAMY\AVASTA~1\ashDisp.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [NBJ] “D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe”
O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU…\Run: [skype] “D:\PROGRAMY\Phone\Skype.exe” /nosplash /minimized
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{F2400962-3C4A-47DC-9BE1-6120FF04E38B}: NameServer = 194.204.159.1
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - D:\Programy\antywirus\Bin\NetMonSv.exe (file missing)
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - Unknown owner - D:\PROGRAMY\arcavir\Bin\avmonsv.exe (file missing)
O23 - Service: arcaserv - Unknown owner - D:\Programy\antywirus\bin\arcaserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\avast antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\avast antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX~1.XXX\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post merged: 24.08.2006 (Thu) 13:27
This is probably the log; I don't really know much about this.
Boot into safe mode and turn off System Restore.
Delete the files/folders marked in red from the disk.
Delete the entries with HijackThis.
Use the Killbox program. Run it, tick Delete on reboot, and in the "full path of file" field paste the path:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
Click X and restart the computer.
Post a log from Silent Runners – here is a description.
So what should I do first, go into safe mode first?
Post merged: 24.08.2006 (Thu) 13:54
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“NBJ” = ““D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”]
“Windows update loader” = “C:\Windows\xpupdate.exe” [file not found]
“Skype” = ““D:\PROGRAMY\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“DAEMON Tools-1033” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“DAEMON Tools” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]
“HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [null data]
“DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”]
“winupdates” = “C:\Program Files\winupdates\winupdates.exe /auto” [file not found]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“avast!” = “D:\PROGRAMY\AVASTA~1\ashDisp.exe” [null data]
“CloneCDTray” = ““D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [file not found]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”
-> {HKLM…CLSID} = “My Global Search Bar BHO”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRAMY\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
The log is cut off. Wait for the prompt from the program and paste the whole thing.
ok
Post merged: 24.08.2006 (Thu) 14:01
OK, I'm waiting for that log. By the way, how do you boot into safe mode: do you have to keep pressing F5 while the system starts? I'm not very familiar with this.
Post the log from SR - it's already visible that some of the files are missing.
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“NBJ” = ““D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”]
“Windows update loader” = “C:\Windows\xpupdate.exe” [file not found]
“Skype” = ““D:\PROGRAMY\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“DAEMON Tools-1033” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“DAEMON Tools” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]
“HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [null data]
“DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”]
“winupdates” = “C:\Program Files\winupdates\winupdates.exe /auto” [file not found]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“avast!” = “D:\PROGRAMY\AVASTA~1\ashDisp.exe” [null data]
“CloneCDTray” = ““D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [file not found]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”
-> {HKLM…CLSID} = “My Global Search Bar BHO”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRAMY\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {HKLM…CLSID} = “Desktop Explorer”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”
-> {HKLM…CLSID} = “Portable Media Devices”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRAMY\MS Office\OFFICE11\msohev.dll” [MS]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {HKLM…CLSID} = “nView Desktop Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “D:\PROGRAMY\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! artm_newreg\DLLName = “C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\arctic.scr” [null data]
Startup items in “xxx” & “All Users” startup folders:
C:\Documents and Settings\xxx.XXX-XIM4COFCJ6X\Menu Start\Programy\Autostart
INFECTION WARNING! “PowerReg Scheduler.exe” [empty string]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “&Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
“{37B85A29-692B-4205-9CAD-2626E4993404}”
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “&Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided)
-> {HKLM…CLSID} = “&Badanie”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““D:\PROGRAMY\avast antivirus\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““D:\PROGRAMY\avast antivirus\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““D:\PROGRAMY\avast antivirus\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““D:\PROGRAMY\avast antivirus\ashWebSv.exe” /service” [“ALWIL Software”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt08\Driver = “hpzsnt08.dll” [“HP”]
Lexmark InkJet Monitor\Driver = “LEXLELM.DLL” [null data]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
took 245 seconds.
took 376 seconds.
---------- (total run time: 1565 seconds)
Post merged: 24.08.2006 (Thu) 14:23
This is the log from Silent Runners
Post merged: 24.08.2006 (Thu) 14:40
Hey, so how is it?
I'm now restarting into safe mode and doing what you said above.
Do this (of course, you do everything in safe mode with System Restore turned off).
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL - delete the folder marked in red from the disk.
PowerReg Scheduler.exe - get rid of that too.
Use the Killbox program. Run it, tick Delete on reboot, and in the "full path of file" field paste the path:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
Click X and restart the computer.
Open Notepad and paste:
File --> Save as --> change the extension from TXT to All files --> save it under the name FIX.REG and run it in safe mode.
Post new logs from HijackThis + Silent.
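One way to check a follow-up HijackThis log against the first one after a cleanup like the one described above. This is an added example, not part of the original thread or of HijackThis itself; the function names are made up for illustration, and the sample lines are excerpts copied from the two HijackThis logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O20, O23 ...)
# followed by " - " and the entry text. Headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Map each entry (with the missing-file marker stripped) to True if orphaned."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # log header, running-process list, forum text
        section, body = match.groups()
        orphaned = bool(ORPHAN_RE.search(body))
        key = section + " - " + ORPHAN_RE.sub("", body).strip()
        entries[key] = orphaned
    return entries


def compare(before_text, after_text):
    """Classify what changed between the first log and the follow-up log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Entry no longer listed: the autostart/registry reference is gone.
        "removed": sorted(k for k in before if k not in after),
        # File was deleted from disk, but the entry pointing at it remains
        # and still has to be fixed in HijackThis.
        "file_gone_entry_left": sorted(
            k for k in after if after[k] and k in before and not before[k]
        ),
        # Entry looks exactly as before: nothing was done about it yet.
        "unchanged": sorted(
            k for k in after if k in before and after[k] == before[k]
        ),
    }


# Excerpt of the first log in this thread (13:27:58).
BEFORE_SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:27:58, on 2006-08-24
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM…\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
"""

# Excerpt of the follow-up log in this thread (15:41:37).
AFTER_SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:41:37, on 2006-08-24
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll (file missing)
"""

if __name__ == "__main__":
    for label, items in compare(BEFORE_SAMPLE, AFTER_SAMPLE).items():
        print(label)
        for item in items:
            print("   ", item)
```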
O4 - HKLM…\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
You told me to remove this, but I couldn't find it in HijackThis, and I don't know: should I just delete it manually from the disk?
Post merged: 24.08.2006 (Thu) 16:14
New logs:
Logfile of HijackThis v1.99.1
Scan saved at 15:41:37, on 2006-08-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\PROGRAMY\daemon tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRAMY\AVASTA~1\ashDisp.exe
D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMY\avast antivirus\aswUpdSv.exe
D:\PROGRAMY\avast antivirus\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAMY\avast antivirus\ashMaiSv.exe
D:\PROGRAMY\avast antivirus\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
D:\PROGRAMY\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [DAEMON Tools] “D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [avast!] D:\PROGRAMY\AVASTA~1\ashDisp.exe
O4 - HKLM…\Run: [CloneCDTray] “D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe” /s
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [NBJ] “D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe”
O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU…\Run: [skype] “D:\PROGRAMY\Phone\Skype.exe” /nosplash /minimized
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{F2400962-3C4A-47DC-9BE1-6120FF04E38B}: NameServer = 194.204.159.1
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - D:\Programy\antywirus\Bin\NetMonSv.exe (file missing)
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - Unknown owner - D:\PROGRAMY\arcavir\Bin\avmonsv.exe (file missing)
O23 - Service: arcaserv - Unknown owner - D:\Programy\antywirus\bin\arcaserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\avast antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\avast antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX~1.XXX\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post merged: 24.08.2006 (Thu) 16:15
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“NBJ” = ““D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”]
“Windows update loader” = “C:\Windows\xpupdate.exe” [file not found]
“Skype” = ““D:\PROGRAMY\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“DAEMON Tools-1033” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“DAEMON Tools” = ““D:\PROGRAMY\daemon tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]
“HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [null data]
“DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“avast!” = “D:\PROGRAMY\AVASTA~1\ashDisp.exe” [null data]
“CloneCDTray” = ““D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [file not found]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”
-> {HKLM…CLSID} = “My Global Search Bar BHO”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRAMY\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {HKLM…CLSID} = “Desktop Explorer”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”
-> {HKLM…CLSID} = “Portable Media Devices”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRAMY\MS Office\OFFICE11\msohev.dll” [MS]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {HKLM…CLSID} = “nView Desktop Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “D:\PROGRAMY\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! artm_newreg\DLLName = “C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll” [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\PROGRAMY\avast antivirus\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “D:\PROGRAMY\winrar3.50\rarext.dll” [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\arctic.scr” [null data]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “&Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
“{37B85A29-692B-4205-9CAD-2626E4993404}”
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “&Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided)
-> {HKLM…CLSID} = “&Badanie”
\InProcServer32(Default) = “D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““D:\PROGRAMY\avast antivirus\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““D:\PROGRAMY\avast antivirus\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““D:\PROGRAMY\avast antivirus\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““D:\PROGRAMY\avast antivirus\ashWebSv.exe” /service” [“ALWIL Software”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt08\Driver = “hpzsnt08.dll” [“HP”]
Lexmark InkJet Monitor\Driver = “LEXLELM.DLL” [null data]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
took 324 seconds.
took 419 seconds.
---------- (total run time: 1699 seconds)
Remove these with HijackThis:
Open Notepad and paste:
File --> Save As --> change the type from TXT to All files --> save it under the name FIX.REG and run it in Safe Mode.