Hi, I have a problem. I have HijackThis; would you check the log?


(Lukaszek661) #1

The thing is, my computer sometimes freezes, and in general it often catches some trojans, and I don't know what to do about it. Could you help me with what to do with this log? Please, I'm really asking for help.

Merged post: 24.08.2006 (Thu) 11:40

Please help :frowning:


#2

First paste the log here so that we can help you... and besides that, write a bit more carefully and use Polish characters... :wink:


(Lukaszek661) #3

Logfile of HijackThis v1.99.1

Scan saved at 13:27:58, on 2006-08-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\PROGRAMY\avast antivirus\aswUpdSv.exe

D:\PROGRAMY\avast antivirus\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

D:\PROGRAMY\avast antivirus\ashWebSv.exe

D:\PROGRAMY\avast antivirus\ashMaiSv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\QuickTime\qttask.exe

D:\PROGRAMY\daemon tools\daemon.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

D:\PROGRAMY\AVASTA~1\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

D:\PROGRAMY\gadugadu\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\PROGRAMY\nero\Nero StartSmart\NeroStartSmart.exe

D:\PROGRAMY\nero\nero\nero.exe

C:\WINDOWS\System32\imapi.exe

D:\PROGRAMY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\PROGRAMY\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools] "D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\AVASTA~1\ashDisp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NBJ] "D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKCU\..\Run: [skype] "D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\MSOFFI~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2400962-3C4A-47DC-9BE1-6120FF04E38B}: NameServer = 194.204.159.1

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - D:\Programy\antywirus\Bin\NetMonSv.exe (file missing)

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - Unknown owner - D:\PROGRAMY\arcavir\Bin\avmonsv.exe (file missing)

O23 - Service: arcaserv - Unknown owner - D:\Programy\antywirus\bin\arcaserv.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\avast antivirus\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\avast antivirus\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX~1.XXX\USTAWI~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Merged post: 24.08.2006 (Thu) 13:27

I think this is the log; I don't really know much about this.


(Myszonus) #4

  1. Boot into Safe Mode and turn off System Restore.

  2. Delete the files/folders marked in red from the disk.

  3. Delete the entries with HijackThis.

Use the Killbox program. Run it, tick Delete on reboot, and paste this path into the "full path of file" field:

C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll

Click the X and restart the computer.

Post a log from Silent Runners; the instructions are here.
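The helper above picks three things out of a log of several dozen lines. The rules behind that first pass can be written down. The script below is an added example for this thread, not code from HijackThis or from either poster; it applies the structural checks a helper runs before looking at names: entries whose target file is gone, a Winlogon Notify DLL loaded from outside System32, Run values that borrow the Windows Update name (Automatic Updates runs as the wuauserv service inside svchost.exe and starts wuauclt.exe itself; Microsoft registers nothing for it under a Run key), and bare executables in a Startup folder. SAMPLE_LOG is copied from the log in post #3; the severity labels and the regex are the example's own choices.

```python
"""First-pass triage of a HijackThis v1.99 log.

Added example for this thread, not code from HijackThis or from the forum.
SAMPLE_LOG is copied from the log posted above (post #3).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX~1.XXX\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip()

SEVERITY_ORDER = {"high": 0, "suspicious": 1, "review": 2, "info": 3}

# Windows XP default system directories.  HijackThis prints a bare file name
# (no backslash) for a Notify DLL it resolved inside System32, so a path is
# only judged when one is actually shown.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")

# Run-value names that imitate Windows Update ("winupdates", "Windows update
# loader", ...).  Automatic Updates is a service (wuauserv) that launches
# wuauclt.exe itself; Microsoft registers nothing for it under a Run key.
FAKE_UPDATE_NAME = re.compile(r"(windows|win|microsoft|ms)\s*-?\s*update")


@dataclass
class Finding:
    severity: str
    line: str
    reason: str


def triage_line(line):
    """Return a Finding for one log entry, or None when no rule fires."""
    m = re.match(r"^(O\d+|R\d+)\s+-\s+(.*)$", line.strip())
    if not m:
        return None                      # header, process list, blank line
    section, rest = m.group(1), m.group(2)
    low = rest.lower()

    if "(file missing)" in low or "(no file)" in low:
        return Finding("info", line,
                       "orphaned entry: target no longer on disk, delete the registry entry")

    if section == "O20" and low.startswith("winlogon notify:"):
        dll = rest.split(" - ", 1)[1].strip().lower()
        if "\\" in dll and not dll.startswith(SYSTEM_DIRS):
            return Finding("high", line,
                           "Winlogon Notify DLL outside System32: mapped into winlogon.exe at every logon")

    if section == "O4":
        run = re.search(r"\[(.*?)\]\s+(.*)$", rest)
        if run and FAKE_UPDATE_NAME.match(run.group(1).lower()):
            return Finding("suspicious", line,
                           "Run value named like Windows Update: real updates never start from a Run key")
        if low.startswith("startup:"):
            return Finding("review", line,
                           "executable in a Startup folder: confirm its publisher in the Silent Runners output")
    return None


def triage(log_text):
    """All findings for a log, most severe first."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summary(log_text):
    """Count of findings per severity, e.g. {'high': 1, 'suspicious': 2, ...}."""
    counts = {}
    for f in triage(log_text):
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.line}\n             {f.reason}")
```

On the sample it reports the Notify DLL as high, the two Windows-Update look-alikes as suspicious, the Startup-folder item for review, and the two dead entries as cleanup; the MyGlobalSearch toolbar passes these structural rules and is only caught by name, which is why the helper still reads the log by hand.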


(Lukaszek661) #5

I mean, what should I do first? Boot into Safe Mode first?

Merged post: 24.08.2006 (Thu) 13:54

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"NBJ" = ""D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

"Skype" = ""D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"DAEMON Tools-1033" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"DAEMON Tools" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"winupdates" = "C:\Program Files\winupdates\winupdates.exe /auto" [file not found]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"avast!" = "D:\PROGRAMY\AVASTA~1\ashDisp.exe" [null data]

"CloneCDTray" = ""D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [file not found]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"

-> {HKLM...CLSID} = "My Global Search Bar BHO"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRAMY\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]


(Myszonus) #6

The log is cut off. Wait for the prompt from the program and paste the whole thing :wink:


(Lukaszek661) #7

ok

Merged post: 24.08.2006 (Thu) 14:01

OK, I'm waiting for that log. By the way, to get into Safe Mode, do you have to keep pressing F5 the whole time while the system starts? I'm not really familiar with this :slight_smile:


(Myszonus) #8

Post the SR log; it is already clear that some of the files are gone.


(Lukaszek661) #9

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"NBJ" = ""D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

"Skype" = ""D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"DAEMON Tools-1033" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"DAEMON Tools" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"winupdates" = "C:\Program Files\winupdates\winupdates.exe /auto" [file not found]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"avast!" = "D:\PROGRAMY\AVASTA~1\ashDisp.exe" [null data]

"CloneCDTray" = ""D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [file not found]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"

-> {HKLM...CLSID} = "My Global Search Bar BHO"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRAMY\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRAMY\MS Office\OFFICE11\msohev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32(Default) = "D:\PROGRAMY\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! artm_newreg\DLLName = "C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\arctic.scr" [null data]

Startup items in "xxx" & "All Users" startup folders:


C:\Documents and Settings\xxx.XXX-XIM4COFCJ6X\Menu Start\Programy\Autostart

INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "&Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{37B85A29-692B-4205-9CAD-2626E4993404}"

-> {HKLM...CLSID} = "My Global Search Bar"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "&Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)

-> {HKLM...CLSID} = "My Global Search Bar"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided)

-> {HKLM...CLSID} = "&Badanie"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

Running Services (Display Name, Service Name, Path {Service DLL}):


avast! Antivirus, avast! Antivirus, ""D:\PROGRAMY\avast antivirus\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""D:\PROGRAMY\avast antivirus\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

Lexmark InkJet Monitor\Driver = "LEXLELM.DLL" [null data]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 245 seconds.

  • The search for all Registry CLSIDs containing dormant Explorer Bars

took 376 seconds.

---------- (total run time: 1565 seconds)

Merged post: 24.08.2006 (Thu) 14:23

That's the log from Silent Runners.

Merged post: 24.08.2006 (Thu) 14:40

Hey, so what now?

I'm restarting into Safe Mode now and doing what you said above.


(Myszonus) #10

Do this (you do all of it in Safe Mode with System Restore turned off, of course).

C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL - delete the folder marked in red from the disk.

PowerReg Scheduler.exe - delete that too.

Use the Killbox program. Run it, tick Delete on reboot, and paste this path into the "full path of file" field:

C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll

Click the X and restart the computer.

Open Notepad and paste:

File --> Save as --> change the file type from TXT to All files --> save it under the name FIX.REG and run it in Safe Mode.

Post new logs from HijackThis + Silent Runners.
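The reason the Notify DLL goes through Killbox's "Delete on reboot" rather than a plain delete is that a DLL registered under Winlogon\Notify is mapped into winlogon.exe and cannot be removed while the system is up. Windows has a facility for exactly this: MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT appends a pair of strings to the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, and smss.exe processes that list early in the next boot, before winlogon.exe and its Notify DLLs load. The script below is an added example, not Killbox's code and not anything posted in the thread; it builds and decodes that value so a queued deletion can be verified before rebooting. The pure functions run anywhere; queue_delete_on_reboot() and read_pending() need Windows plus administrator rights, and the ARTM_DLL path is the one from the log in post #3.

```python
"""What "Delete on reboot" does under the hood: PendingFileRenameOperations.

Added example for this thread; not Killbox's code and not from the forum.
"""
import sys

NT_PREFIX = "\\??\\"                 # entries are NT object-manager paths
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4    # kernel32 MoveFileEx flag

# The Notify DLL from the log in post #3 (the path the helper gave to Killbox).
ARTM_DLL = r"C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll"


def pending_rename_entries(paths):
    """Build the REG_MULTI_SZ list: (source, "") per file; empty target = delete."""
    entries = []
    for p in paths:
        entries.append(NT_PREFIX + p)
        entries.append("")
    return entries


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending(entries):
    """Decode the value into [(source, 'delete')] or [(source, new_name)]."""
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        if src == "":
            continue                      # padding / terminator
        if dst == "":
            ops.append((_strip_nt(src), "delete"))
        else:
            # a leading '!' tells smss.exe to overwrite an existing target
            ops.append((_strip_nt(src), _strip_nt(dst.lstrip("!"))))
    return ops


def queue_delete_on_reboot(path):
    """Queue a file for deletion at next boot (Windows only, needs admin)."""
    if sys.platform != "win32":
        raise OSError("delete-on-reboot is a Windows kernel32 facility")
    import ctypes
    ok = ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT)
    if not ok:
        raise ctypes.WinError()
    return True


def read_pending():
    """Verification step before rebooting: what is queued right now (Windows only)."""
    if sys.platform != "win32":
        raise OSError("PendingFileRenameOperations only exists on Windows")
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except FileNotFoundError:
        return []                         # nothing queued
    finally:
        key.Close()
    return parse_pending(value)


if __name__ == "__main__":
    queued = pending_rename_entries([ARTM_DLL])
    print(queued)
    print(parse_pending(queued))
```

Two caveats follow from the mechanism: the registry entry under Winlogon\Notify is not touched by the file deletion, so it still has to be removed separately (HijackThis shows it as "(file missing)" afterwards), and anything that re-creates the DLL at logon, before the user gets to it, will simply win the race; that is why the helper insists on Safe Mode.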


(Lukaszek661) #11

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

You told me to delete this, but I couldn't find it in HijackThis and I don't know; should I just delete it from the disk manually?

Merged post: 24.08.2006 (Thu) 16:14

New logs:

Logfile of HijackThis v1.99.1

Scan saved at 15:41:37, on 2006-08-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

D:\PROGRAMY\daemon tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

D:\PROGRAMY\AVASTA~1\ashDisp.exe

D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe

C:\Program Files\Messenger\msmsgs.exe

D:\PROGRAMY\avast antivirus\aswUpdSv.exe

D:\PROGRAMY\avast antivirus\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

D:\PROGRAMY\avast antivirus\ashMaiSv.exe

D:\PROGRAMY\avast antivirus\ashWebSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

D:\PROGRAMY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools] "D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\AVASTA~1\ashDisp.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NBJ] "D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKCU\..\Run: [skype] "D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\MSOFFI~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2400962-3C4A-47DC-9BE1-6120FF04E38B}: NameServer = 194.204.159.1

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll (file missing)

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - D:\Programy\antywirus\Bin\NetMonSv.exe (file missing)

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - Unknown owner - D:\PROGRAMY\arcavir\Bin\avmonsv.exe (file missing)

O23 - Service: arcaserv - Unknown owner - D:\Programy\antywirus\bin\arcaserv.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\avast antivirus\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\avast antivirus\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\XXX~1.XXX\USTAWI~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Merged post: 24.08.2006 (Thu) 16:15

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"NBJ" = ""D:\PROGRAMY\NERO\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

"Skype" = ""D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"DAEMON Tools-1033" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"DAEMON Tools" = ""D:\PROGRAMY\daemon tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"avast!" = "D:\PROGRAMY\AVASTA~1\ashDisp.exe" [null data]

"CloneCDTray" = ""D:\PROGRAMY\clone cd\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [file not found]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"

-> {HKLM...CLSID} = "My Global Search Bar BHO"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRAMY\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRAMY\MS Office\OFFICE11\msohev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32(Default) = "D:\PROGRAMY\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! artm_newreg\DLLName = "C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\PROGRAMY\avast antivirus\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\PROGRAMY\winrar3.50\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\arctic.scr" [null data]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "&Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{37B85A29-692B-4205-9CAD-2626E4993404}"

-> {HKLM...CLSID} = "My Global Search Bar"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "&Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)

-> {HKLM...CLSID} = "My Global Search Bar"

\InProcServer32(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided)

-> {HKLM...CLSID} = "&Badanie"

\InProcServer32(Default) = "D:\PROGRAMY\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

Running Services (Display Name, Service Name, Path {Service DLL}):


avast! Antivirus, avast! Antivirus, ""D:\PROGRAMY\avast antivirus\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""D:\PROGRAMY\avast antivirus\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""D:\PROGRAMY\avast antivirus\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""D:\PROGRAMY\avast antivirus\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

Lexmark InkJet Monitor\Driver = "LEXLELM.DLL" [null data]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives took 324 seconds.

  • The search for all Registry CLSIDs containing dormant Explorer Bars took 419 seconds.

---------- (total run time: 1699 seconds)


(Myszonus) #12

Delete with HijackThis:

Open Notepad and paste:

File --> Save As --> change the file type from TXT to All Files --> save it under the name FIX.REG and run it in Safe Mode.
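As an added example (not code from this thread, from HijackThis or from Silent Runners), the script below triages a report in the layout posted above: it walks the "Startup items buried in registry" sections, keeps every entry Silent Runners marks with `INFECTION WARNING!`, `[file not found]` or `[null data]`, and renders standard regedit deletion syntax (`[-Key]` removes a key, `"Value"=-` removes one value) for the entries you select, which is the kind of content a FIX.REG as described in the reply would hold. The embedded sample report is constructed from line shapes seen in this log, and the `Finding` class, function names and selection rule are this example's own. Two caveats the output makes visible: `[file not found]` alone is not proof of malware (`deskpan.dll` routinely shows as missing on XP, and the Yahoo and Acrobat 5 BHOs above are uninstall residue), and `[null data]` only means the file has no company name in its version info (avast's own ashDisp.exe shows it), so the flagged list is a review list, not a delete list.

```python
import re
from dataclasses import dataclass

# Constructed sample in the Silent Runners revision 46 layout (a few lines modelled on
# the report above, not the full report).
SAMPLE_LOG = r'''
Startup items buried in registry:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"avast!" = "D:\PROGRAMY\AVASTA~1\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! artm_newreg\DLLName = "C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]
'''

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# A key header line, e.g. 'HKLM\...\Run\ {++}' ({++} = defaults are listed too).
KEY_RE = re.compile(r'^(HK(?:CU|LM)\\.*?\\)(?:\s*\{\+\+\})?\s*$')
# A value line: optional INFECTION WARNING!, name, '=', data, trailing [tag].
VALUE_RE = re.compile(r'^(INFECTION WARNING!\s+)?"?([^"=]+?)"?\s*=\s*(.*?)\s*\[([^\]]+)\]\s*$')


@dataclass
class Finding:          # hypothetical record type, not part of Silent Runners
    key: str            # registry key as Silent Runners prints it (ends with '\')
    name: str           # value name, or 'subkey\value' for Winlogon\Notify entries
    data: str           # data as printed, quotes preserved
    tag: str            # bracket tag: MS, file not found, null data, "Company" ...
    reason: str         # why the entry is on the review list


def parse_silent_runners(text):
    """Return the entries worth a human look, in report order."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # new registry key: remember it for the lines below
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:    # '-> {HKLM...CLSID}' and untagged lines are skipped
            continue
        warn, name, data, tag = m.groups()
        if warn:
            reason = "INFECTION WARNING raised by Silent Runners"
        elif tag == "file not found":
            reason = "launch point whose file is missing (orphan or cleaned malware)"
        elif tag == "null data":
            reason = "file has no company name in its version info"
        else:
            continue                # [MS] or a named vendor: not flagged
        findings.append(Finding(key, name.strip(), data, tag, reason))
    return findings


def expand_hive(key):
    """'HKCU\\Software\\X\\' -> 'HKEY_CURRENT_USER\\Software\\X' for .reg syntax."""
    hive, _, rest = key.partition("\\")
    return HIVES[hive] + "\\" + rest.rstrip("\\")


def to_reg(selected):
    """Render regedit deletion syntax for the findings the reviewer selected."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in selected:
        if f.name.startswith("\\"):
            # CLSID-resolved sub-line (\InProcServer32): its real key lives under
            # HKLM\Software\Classes\CLSID\{...}, which the report does not print here.
            continue
        if "\\" in f.name:          # Winlogon\Notify: remove the whole subkey
            lines += ["[-%s\\%s]" % (expand_hive(f.key), f.name.split("\\")[0]), ""]
        else:                       # plain Run value: remove just that value
            lines += ["[%s]" % expand_hive(f.key), '"%s"=-' % f.name, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_silent_runners(SAMPLE_LOG)
    for f in found:
        print("%-16s %s%s  -- %s" % (f.tag, f.key, f.name, f.reason))
    # Selection rule is the reviewer's decision; here: only missing-file launch points.
    print(to_reg([f for f in found if f.tag == "file not found"]))
```

Run it as-is to see the review list; the avast `[null data]` entry is listed but never reaches the .reg output because the selection in the usage block keeps only `[file not found]` entries, and `deskpan.dll` is dropped by `to_reg` because the report does not print the CLSID key it belongs to.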