Long system startup after a format


(Macio117) #1

Hello,

Both before and after formatting, my system takes a long time to start up :?

Log from Hjack:

Logfile of HijackThis v1.99.1

Scan saved at 15:16:41, on 2007-03-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VirusScan\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VirusScan\mcshield.exe

C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe

C:\PROGRA~1\McAfee\MSC\mctskshd.exe

C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\WINDOWS\system32\ctfmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\System32\CScript.exe

D:\Inne\Inne\Programy\Do windowsa xp\Inne\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"MskAgentexe" = "C:\Program Files\McAfee\MSK\MskAgent.exe" ["McAfee Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IE 4.x-6.x BHO for Internet Download Accelerator"

                   \InProcServer32\(Default) = "C:\PROGRA~1\IDA\idaiehlp.dll" ["WestByte"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

  -> {HKLM...CLSID} = "scriptproxy"

                   \InProcServer32\(Default) = "c:\program files\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\(Default) = "McAfee Popup Blocker"

  -> {HKLM...CLSID} = "CPub Object"

                   \InProcServer32\(Default) = "c:\program files\mcafee\mps\mcpopup.dll" ["McAfee, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{CC1E0C36-712E-46CE-A390-1F66F5094335}" = "BurstCopy"

  -> {HKLM...CLSID} = "BurstCopy"

                   \InProcServer32\(Default) = "C:\Program Files\BurstCopy\bcsh.dll" ["BurstCopy Labs"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"smrgdf C:\Documents and Settings\Administrator\Dane aplikacji\iolo\" [null data]



HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

  -> {HKLM...CLSID} = "McVSRightclickScanner Class"

                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcodsax.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

BurstCopy\(Default) = "{CC1E0C36-712E-46CE-A390-1F66F5094335}"

  -> {HKLM...CLSID} = "BurstCopy"

                   \InProcServer32\(Default) = "C:\Program Files\BurstCopy\bcsh.dll" ["BurstCopy Labs"]

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

  -> {HKLM...CLSID} = "McVSRightclickScanner Class"

                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcodsax.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Default executables:

--------------------


<> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]


<> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoChangeKeyboardNavigationIndicators" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"ClassicShell" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Enable Classic Shell / Turn on Classic Shell}


"NoSharedDocuments" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}


"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoControlPanel" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Prohibit changes}


"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSMHelp" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}


"NoInternetIcon" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDesktop" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoFavoritesMenu" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Favorites menu from Start Menu}


"NoLogOff" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Logon/Logoff|

Disable Logoff}


"NoInstrumentation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoRun" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}


"NoFileUrl" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSimpleStartMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartMenuMorePrograms" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove All Programs list from the Start menu}


"NoDFSTab" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSecurityTab" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Security tab}


"NoHardwareTab" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoResolveSearch" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoTrayContextMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"LockTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoTrayItemsDisplay" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Hide the notification area}


"NoToolbarsOnTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoResolveTrack" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoWindowsUpdate" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove links and access to Windows Update}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"ClassicShell" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoChangeAnimation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoChangeKeyboardNavigationIndicators" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSharedDocuments" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoTrayContextMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"LockTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoTrayItemsDisplay" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoUserNameInStartMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSetTaskbar" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartMenuEjectPC" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"StartMenuLogoff" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"ForceStartMenuLogoff" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartMenuNetworkPlaces" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoNetworkConnections" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisablePersonalDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisableMyPicturesDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisableMyMusicDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisableFavoritesDirChange" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSMMyDocs" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoWindowsUpdate" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"GreyMSIAds" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoStartMenuPinnedList" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoPropertiesRecycleBin" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoLowDiscSpaceChecks" = (REG_BINARY) hex:00 00 00 00 00 00 F0 3F

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoColorChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSizeChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


"NoSecCPL" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoConfigPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoVirtMemPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDevMgrPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"DisableLockWorkstation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoCommonGroups" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\


"Disable Advanced" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"Allow Browse" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\


"DragAndDrop" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"RunStartupScriptSync" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"McDefragTask" -> launches: "c:\program files\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]

"McQcTask" -> launches: "c:\program files\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{C70E30C7-140A-4166-A2E8-43557E62B41A}"

  -> {HKLM...CLSID} = "IDA Bar"

                   \InProcServer32\(Default) = "C:\Program Files\IDA\idabar.dll" ["2VG Group"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{C70E30C7-140A-4166-A2E8-43557E62B41A}" = "IDA Bar"

  -> {HKLM...CLSID} = "IDA Bar"

                   \InProcServer32\(Default) = "C:\Program Files\IDA\idabar.dll" ["2VG Group"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}\

"ButtonText" = "Internet Download Accelerator"

"MenuText" = "&Internet Download Accelerator"

"Exec" = "C:\Program Files\IDA\ida.exe" ["WestByte"]


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]

McAfee Log Manager, McLogManagerService, "C:\PROGRA~1\McAfee\MSC\mclogsrv.exe" ["McAfee, Inc."]

McAfee Network Agent, McNASvc, ""c:\program files\common files\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Privacy Service, MPS9, "C:\PROGRA~1\McAfee\MPS\mps.exe" ["McAfee, Inc."]

McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]

McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VirusScan\mcshield.exe" ["McAfee, Inc."]

McAfee Redirector Service, McRedirector, "c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."]

McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VirusScan\mcods.exe" ["McAfee, Inc."]

McAfee SpamKiller Service, MSK80Service, ""C:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe" ["McAfee, Inc."]

McAfee Task Scheduler, mctskshd.exe, "C:\PROGRA~1\McAfee\MSC\mctskshd.exe" ["McAfee, Inc."]

McAfee Update Manager, mcmispupdmgr, "C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" ["McAfee, Inc."]

McAfee User Manager, mcusrmgr, "C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe" ["McAfee, Inc."]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 101 seconds)

(Gutek) #2

Remove the HJT entry.

Use UnHookExec.inf, which will unblock the launching of exe files. After downloading the UnHookExec.inf file to disk, right-click it and choose the Install option. Nothing will be displayed, because this is not an installation of anything.

XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580


(Macio117) #3

OK...

I'm posting only the log from Hjack, because I can't make one with Silent (no response), and I can't remove the leftovers of McAfee:


(adam9870) #4

Remove the HJT entry.

Did you set these restrictions yourself? If not, remove these entries.

Open Notepad and paste this into it:

File >>> Save as >>> change the type from TXT to All files >>> save it under the name FIX.BAT and run it in safe mode.

Remove the HJT entries, if there are any.


(Macio117) #5

What does that mean??


(adam9870) #6

Look here.


(Macio117) #7

I wanted to start the system in safe mode, but I can't, because I wait and wait and it never gets there (it stays stuck in one place, with a white line blinking) :frowning:


(adam9870) #8

In that case, run the FIX.BAT file while in normal mode.


(Macio117) #9

I did what you wrote, but 1 entry is still left (I marked it in red) :frowning:


(adam9870) #10

Start => Run => type cmd and click OK => in the console that opens, type:


(Macio117) #11

@adam9870: I keep getting "access denied" :evil:


(Gutek) #12

Start >>> Run >>> services.msc >>> stop and disable McAfee Real-time Scanner


(Macio117) #13

@Gutek2222: I run it and a message pops up saying that it cannot start the service:

mmc.exe

:cry: :cry: :cry:

What should I do??


(Gutek) #14

I saw a similar problem on the SE forum.

  1. Display the Domain Group Policy MMC console.

  2. Open the User Configuration folder, open the Windows Settings - Internet Explorer Maintenance policy, turn on Preference mode, and then click the Advanced button.

  3. Click Corporate Settings or Internet Settings.

What codecs do you have?


(Macio117) #15

Possibly, because I started a similar topic there :-o

Probably by Macio117 :smiley:

Where is that console? I haven't done this before :oops:

P.S.

I've run into another problem...

The thing is, when I start IE7 and click some button, it shuts down on me :evil:


(adam9870) #16

Start -> Run -> type the command mmc or gpedit.msc and click OK

You can look here:

http://wss.pl/Articles/79.aspx


(Macio117) #17

When I type mmc, something like this appears:

b5b6a0dc19bb6c2c.jpg

I create it, but it resets on me anyway (I saved it earlier) :o