Komputer spowolniony, ciężko cokolwiek zrobić


(Songoku Ssj4) #1

Chyba jakiś poważniejszy wirus

skanowałem wszelkimi programami i nic niewykryło...

niewiem co robić bo efekty po wirusie są iwdoczne

chodzi tak wolno że cieżko coś włączyć

LOGO:

====================================

Widziałeś ten komunikat Ważny komunikat dotyczący tytułowania tematów zastosuj sie do niego => inaczej temat poleci do śmietnika :evil:

Pozdrawiam kuz5


(Gblade) #2

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

Użyj smitfradufix


(Songoku Ssj4) #3
Logfile of HijackThis v1.99.1

Scan saved at 16:14:59, on 2006-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Gry\Gadu-Gadu\gg.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Paweł Borkowski\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Gry\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Gry\Odkurzacz 10.1 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Gry\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gry\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - C:\Gry\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Gry\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Gry\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Bbieniol) #4

Nie zrobiłeś tego, co wskazał InfinityToJa

Zrób to i daj nowy log z Hijacka i Silent Runners


(Songoku Ssj4) #5

Nobo tych niektórych plików niema co kazał usunąć więc neiwiem co robić dalej... podajcie jescze raz te pliki co trzeba usunąć tylko na tym nowym logu


(Bbieniol) #6

Uruchamiasz narzędzie KillBox, zaznaczasz Delete on reboot i All Files , w polu full path of file wklej ścieżkę:

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\WINDOWS\system32\hp101.tmp

Klikasz X i restart kompa :slight_smile:

Odpalasz Hijacka --> Do a system scan and save a logfile i zaznaczasz wpisy:

I klikasz na dole "fix checked"

Użyj narzędzia --> SmitFraudFix

I dajesz logi :slight_smile:


(Songoku Ssj4) #7

No a robie to w trybie awaryjnym te wrzystki eczynności czy w zwykłym

??


(Bbieniol) #8

Najlepiej w awaryjnym, ale w zwykłym tez możesz :slight_smile:


(Songoku Ssj4) #9

SmitFraudFix

co to jest czy to konieczne nierozumiem :oops:


(Bbieniol) #10

Wchodzisz tutaj --> http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Niżej masz wszystko opisane :slight_smile:

TAK :!:


(Gutek) #11

wsm na przyszłość czytaj to i rób to, o co prosi moderator

Nie zmieniłeś tytułu tematu


(Songoku Ssj4) #12
Logfile of HijackThis v1.99.1

Scan saved at 17:04:14, on 2006-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Gry\Gadu-Gadu\gg.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Paweł Borkowski\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Gry\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Gry\Odkurzacz 10.1 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Gry\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gry\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - C:\Gry\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Gry\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Gry\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Były pewne problemy, nieudało mi sie usunąć tego pliku (bądź niedało się):

C:\WINDOWS\system32\hp101.tmp

bo kiedy robiłem według wskazówek i wciskałem

X to rozpoczynało się odliczanie do restartu i pojawjało sie to co3471np.jpg

Powieccie czy coś jeszcze jest z moim kompem... co prawda niepojawiają się strony xxx albo z kupnem programów... ale wole być pewny i odczytać opinni specjalistów


(Bbieniol) #13

Log z Hijacka czysty

Wrzuć jeszcze log z Silent Runners (opis pod Hijackiem)


(Songoku Ssj4) #14
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Gry\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [file not found]

"dcomcfg.exe" = "dcomcfg.exe" [file not found]

"wininet.dll" = "regperf.exe" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"PCSuiteTrayApplication" = "C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray" ["Nokia"]

"Odkurzacz-MCD" = "C:\Gry\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]

"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

"Zone Labs Client" = "C:\Gry\Zone Labs\ZoneAlarm\zlclient.exe" [file not found]

"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Gry\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Gry\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {HKLM...CLSID} = "Message View"

                   \InProcServer32\(Default) = "C:\Gry\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "C:\Gry\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Gry\Unlocker\UnlockerCOM.dll" [null data]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"

  -> {HKLM...CLSID} = "USIShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" ["Ulead Systems, Inc."]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "C:\Gry\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Gry\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Paweł Borkowski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = """" [file not found]



Startup items in "Paweł Borkowski" & "All Users" startup folders:

-----------------------------------------------------------------


C:\Documents and Settings\Paweł Borkowski\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 28

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{44627E97-789B-40D4-B5C2-58BD171129A1}\

"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 25 seconds, including 5 seconds for message boxes)

(Bbieniol) #15

Otwórz notatnik i wklej w nim to:

Plik --> zapisz jako --> zmień rozszerzenie na wszystkie pliki --> zapisz pod nazwą FIX.REG

W trybie awaryjnym odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :slight_smile:


(Gutek) #16

wsm ty chyba nie słuchasz i dlatego nie reagujesz na prośby! !!

Nie zmienisz nazwy tematu, to ten temat poleci do kosza


(Songoku Ssj4) #17
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Gry\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"PCSuiteTrayApplication" = "C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray" ["Nokia"]

"Odkurzacz-MCD" = "C:\Gry\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]

"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

"Zone Labs Client" = "C:\Gry\Zone Labs\ZoneAlarm\zlclient.exe" [file not found]

"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Gry\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Gry\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {HKLM...CLSID} = "Message View"

                   \InProcServer32\(Default) = "C:\Gry\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "C:\Gry\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Gry\Unlocker\UnlockerCOM.dll" [null data]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"

  -> {HKLM...CLSID} = "USIShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" ["Ulead Systems, Inc."]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "C:\Gry\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" [file not found]

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  -> {HKLM...CLSID} = "JetFlExt"

                   \InProcServer32\(Default) = "C:\Gry\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Gry\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Paweł Borkowski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = """" [file not found]



Startup items in "Paweł Borkowski" & "All Users" startup folders:

-----------------------------------------------------------------


C:\Documents and Settings\Paweł Borkowski\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 28

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{44627E97-789B-40D4-B5C2-58BD171129A1}\

"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 24 seconds, including 2 seconds for message boxes)

Logfile of HijackThis v1.99.1

Scan saved at 17:49:16, on 2006-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Gry\Gadu-Gadu\gg.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Paweł Borkowski\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Gry\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Gry\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Gry\Odkurzacz 10.1 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Gry\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gry\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - C:\Gry\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Gry\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Gry\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Bbieniol) #18

Czysto :slight_smile:


(Songoku Ssj4) #19

Dziękuje, temat do zamknięty :mrgreen:


(Gutek) #20

Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz te 3 wpisy.

Start >>> Programy >>> Autostart >>> kasacja z prawokliku.

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580