platek91
(Platek91)
22 Wrzesień 2006 17:20
#1
witam.
dzis sciagnelem cos przez emule i wlaczylem, wszystko bylo w porzadku. potem najechalem myszką na ikonke Avasta, komp nagle sie zresetował, a z avasta usunelo jakies pliki i wogle nie chodzil. sprobowalem go ponownie zainstalowac, ale po ponownej instalacji bylo dokladnie to samo (!). po ktorejs tam probie instalacji, wlaczylem folder gdzie instalowalem avasta, i zobaczylem, ze odrazu po instalacji usuwają sie niektore pliki m.in.ashAvast.exe . probowalem instalowac inne antywiry np. kaspersky ale efekt ten sam.
hijackThis takie cuś mi pokazał:
Logfile of HijackThis v1.99.1 Scan saved at 19:10:10, on 2006-09-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\regedit.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZBIGNI~1\USTAWI~1\Temp\Rar$EX05.563\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sunmoviespage.com/%20to%20ve … %20age,%20 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C3E0127998AF75760EA83FA5EF80752B94E3D6785A7A412D3CC7 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O2 - BHO: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab O17 - HKLM\System\CCS\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
Bardzo prosze o szybką pomoc, bo korzystanie z netu bez antywira to samobójstwo . Pozdrawiam.
Bieniol
(Bbieniol)
22 Wrzesień 2006 18:16
#2
Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Windows Log
W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sunmoviespage.com/%20to%20ve … your%20age,%2 F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C3E0127998AF75760EA83FA5EF80752B94E3D6785A7A412D3CC7 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
Po zabiegach nowy log z Hijacka + log z Silent Runners
platek91
(Platek91)
22 Wrzesień 2006 19:34
#3
zrobilem podane czynnosci ale bez wlaczania trybu awaryjnege, bo nei chodzi (przy wlaczaniu kompa, f8 wciskalem, i wybralem tryb awaryjny, potem chwile cos ladowal i resetowal sie). mozesz mi napisac, w jaki inny sposob mozna wlaczyc tryb awaryjny z wyłączonym przywracaniem systemu?
Po usunieciu podanych wpisow i plików sytuacja jest taka sama, antywiry nie chodzą dalej
logi:
Logfile of HijackThis v1.99.1 Scan saved at 21:30:07, on 2006-09-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZBIGNI~1\USTAWI~1\Temp\Rar$EX00.078\HijackThis.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZBIGNI~1\USTAWI~1\Temp\Rar$EX00.953\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O2 - BHO: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab O17 - HKLM\System\CCS\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Steam” = (empty string) “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {8036D4D7-AAD3-4793-AB49-329E437155A8}(Default) = (no title provided) -> {HKLM…CLSID} = “Mario Forever Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}(Default) = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}” = “awxDTools - ShellExtension” -> {HKLM…CLSID} = “awxDTShlExt Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{7A5117B0-B594-4DA8-829D-D15BF11996F2}” = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “F:\Program Ofica\OFFICE11\msohev.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Shell Extension” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] “{2F860D82-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Drag Drop Handler” -> {HKLM…CLSID} = “UltimateZip Drag Drop Handler” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshldr.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! “BootExecute” = “PDBoot.exe autocheck autochk *” [file not found], [file not found], [MS], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7A5117B0-B594-4DA8-829D-D15BF11996F2}(Default) = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Zbigniew Kujawiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Zbigniew Kujawiak” & “All Users” startup folders: ------------------------------------------------------------------- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}” -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” = “Mario Forever Toolbar” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}” = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {39C8D5A1-0DE2-476F-9254-998AE490F32F}(Default) = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ´ş˝ş ĽÓş¸” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {215940F1-E7E0-4801-BEE3-44D045534106}\ “ButtonText” = “Wyslij SMS’a” “Script” = “C:\Program Files\Common Files\moje.js” [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\Program Files\FlashGet\flashget.exe” [“FlashGet.com ”] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 35 seconds, including 7 seconds for message boxes)
tą usługe co tam na poczatku wyłaczyc mialem, to ona juz byla wylaczona.
Bieniol
(Bbieniol)
22 Wrzesień 2006 19:38
#4
Kosmetycznie: Otwórz edytor rejestru Start >>> Uruchom >>> regedit i przejdź do klucza HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
Tam kliknij podwójnie na wartość BootExecute i z okienka usuń wszystko z wyjątkiem autocheck autochk *
Odinstaluj avasta!, przeczyść rejestr (polecam do tego jv16 PowerTools 1.3.0.195 ), a następnie zainstaluj ponownie
platek91
(Platek91)
22 Wrzesień 2006 20:24
#5
niestety dalej jest tak jak było, nie ma zadnej zmiany . avast! dalej nie dziala.
znowu wrzuce logi, moze sie cuś zmieniło xD
Logfile of HijackThis v1.99.1 Scan saved at 22:20:01, on 2006-09-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZBIGNI~1\USTAWI~1\Temp\Rar$EX00.063\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O2 - BHO: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: żĄĆÄ˝ş ĹřąŮ(&E) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - C:\Program Files\Empas\Empas Toolbar\empastool1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab O17 - HKLM\System\CCS\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Steam” = (empty string) “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {8036D4D7-AAD3-4793-AB49-329E437155A8}(Default) = (no title provided) -> {HKLM…CLSID} = “Mario Forever Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}(Default) = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}” = “awxDTools - ShellExtension” -> {HKLM…CLSID} = “awxDTShlExt Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{7A5117B0-B594-4DA8-829D-D15BF11996F2}” = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “F:\Program Ofica\OFFICE11\msohev.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Shell Extension” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] “{2F860D82-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Drag Drop Handler” -> {HKLM…CLSID} = “UltimateZip Drag Drop Handler” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshldr.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7A5117B0-B594-4DA8-829D-D15BF11996F2}(Default) = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Zbigniew Kujawiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Zbigniew Kujawiak” & “All Users” startup folders: ------------------------------------------------------------------- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}” -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” = “Mario Forever Toolbar” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{EE1CA629-7527-4DB3-B9AD-CEF19CDA122B}” = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ĹřąŮ(&E)” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {39C8D5A1-0DE2-476F-9254-998AE490F32F}(Default) = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ´ş˝ş ĽÓş¸” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” ["(*)***" (unwritable string)] Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {215940F1-E7E0-4801-BEE3-44D045534106}\ “ButtonText” = “Wyslij SMS’a” “Script” = “C:\Program Files\Common Files\moje.js” [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\Program Files\FlashGet\flashget.exe” [“FlashGet.com ”] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 219 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 21 seconds. ---------- (total run time: 270 seconds)
a więc, czy zostaje mi tylko ostatnie koło ratunkowe format c: ? ja bardzo tego nie chce bo mam wazne rzeczy na tym dysku itd. ale i tak mam nadzieje ze jeszcze cos mi doradzisz. pozdrawiam.
Bieniol
(Bbieniol)
22 Wrzesień 2006 20:27
#6
Znasz to?
Bo google nic na ten temat nie mówią :?
bodek32
(bodek32)
22 Wrzesień 2006 20:33
#7
Bieniol
(Bbieniol)
22 Wrzesień 2006 20:38
#8
W takim razie usuń hijackiem jeszcze ten wpis:
Czy dzieje się tak również z innymi antywirami?
platek91
(Platek91)
22 Wrzesień 2006 22:00
#9
probowalem tez kasperky i bylo tak, ze nie chcialy sie zainstalowac niektóre pliki.
co do empas, to mozliwe ze to jest wlasnie na te komary xD
usuniecie tego wpisu nic nie dało
wpisalem w google ashAvast.exe i kilka pierwszych wyników:
http://wirusy.antivirenkit.pl/pl/opis/T … le.er.html
http://wirusy.antivirenkit.pl/pl/opis/E … le.eh.html
mysle ze to wlasnie cos tego typu jest
http://www.wirusy.4un.pl/opis/?rec_limi … us_id=1251
o a to juz cos bardziej mi przypomina moją sytuacje, bo widzialem proces o podobnej nazwie (HLD costam costam chyba)
Bieniol
(Bbieniol)
22 Wrzesień 2006 22:04
#10
Wedle zaleceń na ostatniej stronie - użyj skanera ActiveScan
Przeskanuj również Kaspersky Online --> http://www.kaspersky.pl/virusscanner.html
platek91
(Platek91)
23 Wrzesień 2006 12:59
#11
przez noc skanowalem ActiveScanem, i wyszlo ze mam 12 wirusów, 100ileśtam (
teraz spróbuje kasperskym. pozdrawiam.
sciagam tez jakis antywirus o nazwie Comodo. moze nie bedzie blokowany przez tego zaje@@@ego wriusa.
Złączono Posta : 23.09.2006 (Sob) 16:55
niestety comodo tez nie dziala tzn. On-acess scaner nie trybi
i teraz to juz wogle dupa, bo znowu mi jakies spyware weszly i jakies okna co 5 minut sie otwierają.
scanowaelm kasperskym online, i jak byly juz 3 procent to mi sie komp zawiesił.
pozdrawiam
platek91
(Platek91)
24 Wrzesień 2006 01:32
#13
witam, ewido da sie uruchomic ale aktywny skaner nie dziala, nie da sie tez uptadeowac. ale odkrylem wazną zecz. wirus nie usuwa tych plików od antywirusów itp., tylko przenosi je do takiego foldera (znalazlem go dzieki kasperskyemu, ktory wykryl tam kilka wirusów, ale ich usuniecie nic nie dalo, co ciekawe, ten folder nie jest widoczny na dysku c: i nie da sie otworzyc samego folderu system volume information )
tam są rózne foldery o nazwach typu " RP250 " , i w nich są pliki z antywirusów, rozne exe. dll. txt. itd., o zmnienionych nazwach na A0278835, A0234172 itp.(czyli od A0000001 w górę) w folderze C:\System Volume Information_restore{9EF1A1E4-A07E-44F7-B0A1-7D758F3E836B}\RP250\snapshot są pliki takie jak:
_REGISTRY_USER_NTUSER_S-1-5-21-1801674531-616249376-839522115-1004 _REGISTRY_USER_USRCLASS_S-1-5-21-1801674531-616249376-839522115-1004 _REGISTRY_MACHINE_SECURITY i z 20 innych podobnych. jest tez tam taki .txt o nazwie change, który jest uzywany przez windows, i na bierząco jest tam cos nowego dopisywane. wg. mnie zapisywane sa tam wszystkie informacje, co jest usuwane, a takze gdzie jest lista z ktorej wirus czerpie wiedze, “co mam schowac zeby mnie nie zabilo” xD.
to mnie zainteresowalo szczególnie: \ D o c u m e n t s a n d S e t t i n g s \ Z b i g n i e w K u j a w i a k \ D a n e a p l i k a c j i \ h i d i r e s \ a s p r _ k e y s . i n i
i to
H \ W I N D O W S \ s y s t e m 3 2 \ a s p r _ k e y s . i n i
co moge zrobic w takiej sytuacj? pozdrawiam.
Bieniol
(Bbieniol)
24 Wrzesień 2006 07:15
#14
Pobierz GMERa i wklej loga:
Rootkit -> zaznaczone Pokaż wszystko -> wskazane tylko Usługi -> Szukaj -> Kopiuj -> CTRL+V do posta
Gutek
(Gutek)
24 Wrzesień 2006 08:23
#15
wyłącz przywracanie systemu i Ok
Jak uzyskać dostęp do folderu System Volume Information
http://support.microsoft.com/kb/309531/PL/
platek91
(Platek91)
24 Wrzesień 2006 16:11
#16
gmer nie dziala, to pewnie sprawka tego wirusa, jest tylko raport o błedzie i “nie wysyłaj”
a jak wyłączyc przywracanie systemu???
platek91
(Platek91)
24 Wrzesień 2006 16:26
#18
oki, wylaczylem przywracanie systemu, czekam na dalsze instrukcyje.
wszystko to samo jak wczesniej, udostepnic nie moge jakos tego System Volume Information, mam typ plików ntfs i przez ten poradnik probowalem ale nie dalo sie ( nie mam tam takiej opcji jak DODAJ)
8. Kliknij przycisk Dodaj, a następnie wpisz nazwę użytkownika, któremu chcesz udostępnić ten folder. Jeśli trzeba, wybierz lokalizację konta (lokalną lub z domeny). Najczęściej będzie to konto użyte do zalogowania się. Kliknij przycisk OK, a następnie ponownie kliknij przycisk OK. [
antywirusy nie dzialają dalej.
a jest jakis inny sposob na wlaczenie gmer’a?
pozdrawiam.
Złączono Posta : 24.09.2006 (Nie) 19:41
a czy byl juz jakis inny podobny przypadek na tym forum, gdzie tez nie szlo zainstalowac antywira? jezeli tak, to bardzo prosilbym o link.
jezeli dzis sie nie uporam z tym zaje***ym wirusem to jutro format c: .
pozdrawiam.
Złączono Posta : 24.09.2006 (Nie) 20:28
wrzucam jeszcze logi, moze sie cus zmienilo:
Logfile of HijackThis v1.99.1 Scan saved at 20:29:35, on 2006-09-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Program Files\Xfire\Xfire.exe C:\WINDOWS\System32\WScript.exe C:\DOCUME~1\ZBIGNI~1\USTAWI~1\Temp\Rar$EX00.188\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {EE1CA629-7527-4DB3-B9AD-CEF19CDA122B} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [cnfgCav] “C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe” " /login" O4 - HKLM…\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS4\Services\Tcpip…{30B5F85A-7D73-48BC-BDE2-77187F878AE8}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Steam” = (empty string) “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “cnfgCav” = ““C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe” " /login”" [“COMODO”] “Comodo Launch Pad Tray” = “C:\Program Files\Comodo\LaunchPad\CLPTray.exe” [“COMODO”] “!ewido” = ““C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {8036D4D7-AAD3-4793-AB49-329E437155A8}(Default) = (no title provided) -> {HKLM…CLSID} = “Mario Forever Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}” = “awxDTools - ShellExtension” -> {HKLM…CLSID} = “awxDTShlExt Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{7A5117B0-B594-4DA8-829D-D15BF11996F2}” = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “F:\PROGRA~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “F:\Program Ofica\OFFICE11\msohev.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Shell Extension” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] “{2F860D82-AF3C-11D4-BDB3-00E0987D8540}” = “UltimateZip Drag Drop Handler” -> {HKLM…CLSID} = “UltimateZip Drag Drop Handler” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshldr.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{4255A182-CAD9-4214-A19B-7BA7FB633BBD}” = “Comodo AntiVirus” -> {HKLM…CLSID} = “Comodo AntiVirus” \InProcServer32(Default) = “C:\Program Files\Comodo\Comodo AntiVirus\CavSheI.dll” [“COMODO”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7A5117B0-B594-4DA8-829D-D15BF11996F2}(Default) = “awxDTools - ColumnHandler” -> {HKLM…CLSID} = “awxDTColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\arniWORX\awxDTools\awxDTools.dll” [“arniWORX”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Comodo AntiVirus(Default) = “{4255A182-CAD9-4214-A19B-7BA7FB633BBD}” -> {HKLM…CLSID} = “Comodo AntiVirus” \InProcServer32(Default) = “C:\Program Files\Comodo\Comodo AntiVirus\CavSheI.dll” [“COMODO”] ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Comodo AntiVirus(Default) = “{4255A182-CAD9-4214-A19B-7BA7FB633BBD}” -> {HKLM…CLSID} = “Comodo AntiVirus” \InProcServer32(Default) = “C:\Program Files\Comodo\Comodo AntiVirus\CavSheI.dll” [“COMODO”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Home Edition\shellex.dll” [“Kaspersky Lab”] UltimateZip(Default) = “{2F860D81-AF3C-11D4-BDB3-00E0987D8540}” -> {HKLM…CLSID} = “UltimateZip Shell Extension 1” \InProcServer32(Default) = “C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Zbigniew Kujawiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Zbigniew Kujawiak” & “All Users” startup folders: ------------------------------------------------------------------- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{463DF6D5-BEC1-4D67-B217-59DB692DFC53}” = “Mario Forever Toolbar” -> {HKLM…CLSID} = “Mario Forever Toolbar” \InProcServer32(Default) = “C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll” [null data] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {39C8D5A1-0DE2-476F-9254-998AE490F32F}(Default) = (no title provided) -> {HKLM…CLSID} = “żĄĆÄ˝ş ´ş˝ş ĽÓş¸” \InProcServer32(Default) = “C:\Program Files\Empas\Empas Toolbar\empastool1.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {215940F1-E7E0-4801-BEE3-44D045534106}\ “ButtonText” = “Wyslij SMS’a” “Script” = “C:\Program Files\Common Files\moje.js” [null data] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\Program Files\FlashGet\flashget.exe” [“FlashGet.com ”] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 35 seconds, including 2 seconds for message boxes)
Gutek
(Gutek)
24 Wrzesień 2006 20:13
#19
platek91
(Platek91)
25 Wrzesień 2006 12:45
#20
a jak usuwac wpisy w jv16 power tools?
zainstalowalem, wlaczylem
tools>registry cleaner>continue>start
potem jak sie juz wszystko wyszuka to chce usunac wpisy, czyli np. zaznaczam jeden i klikam remove, komp cos chwile mysli a potem nic sie nie dzieje.
pzdr.