Nie mogę usunąć nic w HijackThis

jerry2006 · 11 Sierpień 2007 17:39

Sam widzę że na tym logu są rzeczy których nie mam na komputerze (O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE

O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe”) ale nie mogę sięich pozbyć. Ad- Watch po każdym uruchomieniu Windowsa pokazuje jakąś modyfikację rejestru i te dwa programy u niego też się pokazują , o co chodzi? Proszę o zerknięcie

Logfile of HijackThis v1.99.1 Scan saved at 19:29:54, on 2007-08-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe F:\Program Files\CursorXP\CursorXP.exe F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\msiexec.exe F:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [AWMON] “F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [t4oetray] F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: QODUTLYNYBO - Unknown owner - C:\DOCUME~1\Jarek\USTAWI~1\Temp\QODUTLYNYBO.exe (file missing)

Złączono Posta : 11.08.2007 (Sob) 21:33

Czy nikt nie jest mi wstanie pomóc?

Złączono Posta : 11.08.2007 (Sob) 21:34

Czy nikt nie jest mi wstanie pomóc?

qrczak13 · 12 Sierpień 2007 18:20

Start > uruchom > cmd i wpisz:

sc stop "QODUTLYNYBO"

sc delete "QODUTLYNYBO"

Użyj ATF Cleaner w trybie awaryjnym.

Na czas usuwania wyłącz Ad-Watch, bo on blokuje modyfikacje rejestru.

Daj po tym log z ComboFix + opis zrobienia loga na samym dole.

jerry2006 · 14 Sierpień 2007 19:48

Czemu mają służyć te dwie pierwsze komendy(chciałbym wiedzieć co robię).

Ale przy próbie wykonania ich wyskakuje taki tekst -[sc] OpenService FAILED 1060:

Złączono Posta : 14.08.2007 (Wto) 21:57

A oto log z Combo Fix

ComboFix 07-08-14.4 - “Jarek” 2007-08-14 21:49:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.591 [GMT 2:00] ADS removed - svchost.exe: deleted 68 bytes in 1 streams. ADS removed - ntoskrnl.exe: deleted 68 bytes in 1 streams. ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 ))))))))))))))))))))))))))))))) 2007-08-14 21:48 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-14 19:26 2007-08-13 19:53 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-08-13 19:53 2007-08-13 19:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-08-11 22:13 2007-08-11 22:12 2007-08-11 22:07 7,680 --a–c— C:\WINDOWS\system32\dllcache\inetmgr.exe 2007-08-11 22:07 68,608 --a–c— C:\WINDOWS\system32\dllcache\isatq.dll 2007-08-11 22:07 19,968 --a–c— C:\WINDOWS\system32\dllcache\inetsloc.dll 2007-08-11 22:07 13,312 --a–c— C:\WINDOWS\system32\dllcache\infoadmn.dll 2007-08-11 22:06 68,608 --a–c— C:\WINDOWS\system32\dllcache\iisext51.dll 2007-08-11 22:06 64,512 --a–c— C:\WINDOWS\system32\dllcache\iismap.dll 2007-08-11 22:06 6,144 --a–c— C:\WINDOWS\system32\dllcache\ftpsapi2.dll 2007-08-11 22:06 5,632 --a–c— C:\WINDOWS\system32\dllcache\iisrstap.dll 2007-08-11 22:06 15,360 --a–c— C:\WINDOWS\system32\dllcache\iisreset.exe 2007-08-11 22:06 133,632 --a–c— C:\WINDOWS\system32\dllcache\iisrtl.dll 2007-08-11 22:02 102,509 --a–c— C:\WINDOWS\system32\dllcache\fp4atxt.dll 2007-08-11 22:01 82,035 --a–c— C:\WINDOWS\system32\dllcache\fp4anscp.dll 2007-08-11 22:01 49,210 --a–c— C:\WINDOWS\system32\dllcache\fp4areg.dll 2007-08-11 22:01 147,513 --a–c— C:\WINDOWS\system32\dllcache\fp4apws.dll 2007-08-11 22:00 46,592 --a–c— C:\WINDOWS\system32\dllcache\coadmin.dll 2007-08-11 22:00 188,480 --a–c— C:\WINDOWS\system32\dllcache\cfgwiz.exe 2007-08-11 21:57 43,520 --a–c— C:\WINDOWS\system32\dllcache\admwprox.dll 2007-08-11 21:57 290,816 --a–c— C:\WINDOWS\system32\dllcache\adsiis51.dll 2007-08-11 13:50 2007-08-10 21:31 2007-08-09 09:24 2007-08-07 18:53 2007-08-05 20:48 2007-08-05 17:19 2007-08-04 11:37 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-08-04 10:57 607,744 --a------ C:\WINDOWS\system32\Decslib.dll 2007-08-04 10:55 245,760 --a------ C:\WINDOWS\system32\Sccomp91.dll 2007-08-04 10:55 225,280 --a------ C:\WINDOWS\system32\Scint91.dll 2007-08-04 10:55 110,592 --a------ C:\WINDOWS\system32\Sccres91.dll 2007-08-04 10:55 2007-08-03 20:17 2007-08-02 19:55 2007-07-19 22:53 2007-07-19 21:40 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-07-19 21:40 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-07-19 21:40 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2007-07-19 21:40 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys 2007-07-19 21:40 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-07-19 21:40 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2007-07-16 21:49 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-13 19:43 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-13 19:43 --------- d-------- C:\Program Files\ATI Technologies 2007-08-12 09:39 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\MegauploadToolbar 2007-08-11 21:52 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\Uniblue 2007-08-11 21:51 --------- d-------- C:\Program Files\Skype 2007-08-11 21:51 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\Skype 2007-08-11 19:16 --------- d-------- C:\Program Files\MegauploadToolbar 2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-05 14:51 --------- d-------- C:\Program Files\Messenger 2007-06-06 23:02 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-06-06 23:02 45056 --a------ C:\WINDOWS\system32\ogg.dll 2007-06-06 23:02 237568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-06-06 23:02 188416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-06-06 23:02 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-06-06 23:01 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-06-06 23:01 755200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-06-06 23:01 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-06-06 23:00 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-06 23:00 639066 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00] “WMC_AutoUpdate”="" [] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [] “ATIModeChange”=“Ati2mdxx.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CursorXP”=“f:\Program Files\CursorXP\CursorXP.exe” [2005-01-19 17:34] “AWMON”=“F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” [2005-05-25 13:12] “Gadu-Gadu”=“F:\Program Files\Gadu-Gadu\gg.exe” [2007-05-07 17:08] “Odkurzacz-MCD”=“F:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “odk_mcd”="" [] “t4oetray”=“F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe” [] “SpeedX”=“F:\SPEEDX~1.EXE” [] “AnyDVD”=“f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” [] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [] “Uniblue SpeedUpMyPC”="" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “HPWebUpdate”= “WMC_0”=C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” “wextract_cleanup0”=rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” “Selfreg”=C:\WINDOWS\Corel\Slfregen.exe “WMC_1”=C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” “WMC_RebootCheck”=C:\WINDOWS\inf\unregmp2.exe /FixUps C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-02-26 21:40:35] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized “t4oetray”=F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe “Uniblue SpeedUpMyPC”= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “HPHmon05”=C:\WINDOWS\system32\hphmon05.exe “HP Software Update”=“F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” “HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe “WMC_AutoUpdate”= “ATIModeChange”=Ati2mdxx.exe “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;??\C:\WINDOWS\system32\ZDCndis5.SYS S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;??\C:\WINDOWS\system32\ZDPNDIS5.SYS Contents of the ‘Scheduled Tasks’ folder 2007-08-11 15:47:37 C:\WINDOWS\Tasks{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASIEK_Jarek.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-14 21:50:55 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-14 21:51:39 — E O F —

jessica · 15 Sierpień 2007 09:10

Nie widzę w logu ComboFixa nic podejrzanego.

Zaś jeśli chodzi o te dwie komendy, to pirwsza zatrzymuje usługę, a druga usuwa tę usługę. U Ciebie mogło być tak, że usługa była już wcześniej wyłączona i dlatego pojawił się komunikat “failed”.

.Sprawdź w logu Hijacka, czy ta nieznana usługa zniknęła.

jessi

jerry2006 · 15 Sierpień 2007 18:29

Dlaczego to mam w logach skoro te programy usunąłem

jessica · 15 Sierpień 2007 19:07

Jeśli chcesz usunąć te bezplikowe klucze rejestru:

Nie jestem pewna, czy to się uda, bo widzę, że zabezpieczyłeś sobie te klucze przed usuwaniem.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run -]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run -] --> mają minusy z prawej strony, co oznacza, że są zablokowane.

jessi

jerry2006 · 15 Sierpień 2007 20:42

Nie wiem jak je sobie zabezpieczyłem ale nie mogę ich usunąć w żaden sposób,zrobiłem jak było napisane. Nawet w HijackThis po zaznaczeniu tych wpisów i zfixowaniu ich one zginęły ale po restarcie kompa znowu wszystko jest po staremu i Ad-Watch pokazuje mi przy starcie że są jakieś zmiany( nie wiem jak Ci je pokazać) a oto świeży log

Logfile of HijackThis v1.99.1 Scan saved at 22:29:00, on 2007-08-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\CursorXP\CursorXP.exe F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe F:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\wuauclt.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [AWMON] “F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” O4 - HKCU…\Run: [t4oetray] F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

qrczak13 · 15 Sierpień 2007 22:20

Wyłączasz na czas usuwania tych kluczy Ad-Watch?

Jak nie to wyłącz i wtedy spróbuj.

jerry2006 · 16 Sierpień 2007 20:18

Przy wyłączonym Ad-Watch usuwam wpisy i jest wszystko w porządku ale jak uruchomię Ad-Watch to wszystko wraca. Czy mam go nie używać?

To jest log zrobiony po usunięciu wpisów bez uruchamiania Ad- Watch

Logfile of HijackThis v1.99.1 Scan saved at 22:05:21, on 2007-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\CursorXP\CursorXP.exe F:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\wuauclt.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Gutek · 16 Sierpień 2007 20:38

Daj log z Silenta

jerry2006 · 17 Sierpień 2007 17:16

Oto log z Silenta:

“Silent Runners.vbs”, revision R51, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CursorXP” = “f:\Program Files\CursorXP\CursorXP.exe” [" "] “Gadu-Gadu” = ““F:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “Odkurzacz-MCD” = “F:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD “] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided) -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “f:\Program Files\WinRAR\rarext.dll” [null data] “{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper” -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar” -> {HKLM…CLSID} = “Groove Folder Synchronization” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler” -> {HKLM…CLSID} = “Groove GFS Stub Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler” -> {HKLM…CLSID} = “Groove XML Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS] “{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” -> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “f:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{2F5AC606-70CF-461C-BFE1-734234536262}” = “WindowBlinds CPL Extension” -> {HKLM…CLSID} = “DisplayCplExt Class” \InProcServer32(Default) = “F:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll” [“Stardock.Net, Inc”] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {HKLM…CLSID} = “IE Microsoft AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “wbsys.dll” [“Stardock.Net, Inc”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “f:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “f:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “f:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “f:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “f:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Jarek” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Program sieciowy dla SAGEM Wi-Fi 11g USB adapter” -> shortcut to: “C:\Program Files\SAGEM WiFi manager\WLANUTL.exe” [” “] Enabled Scheduled Tasks: ------------------------ “{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASIEK_Jarek” -> launches: “C:\WINDOWS\system32\mobsync.exe /Schedule=”{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASIEK_Jarek”” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “C:\Program Files\Bonjour\mdnsNSP.dll” [“Apple Computer, Inc.”] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” ["MEGAUPLOAD "] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” ["MEGAUPLOAD "] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll” [“Sun Microsystems, Inc.”] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ “ButtonText” = “Wyślij do programu OneNote” “MenuText” = “Wyślij &do programu OneNote” “CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}” -> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “Tabs” = “C:\Documents and Settings\Jarek\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““f:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““f:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt09\Driver = “hpzlnt09.dll” [“HP”] Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS] ---------- (launch time: 2007-08-17 19:12:15) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 81 seconds. ---------- (total run time: 132 seconds)

qrczak13 · 17 Sierpień 2007 19:09

Wg silenta wszystkie puste wpisy usunięte.

jerry2006 · 17 Sierpień 2007 19:26

Ale to jest przy wyłączonym programie Ad - Watch. Gdy go uruchamiam wszystko wraca.

jessica · 17 Sierpień 2007 19:48

To spróbuj go uruchomić dopiero po restarcie komputera.

jessi

jerry2006 · 17 Sierpień 2007 19:56

Ad-Watch jest wyłączony i jest wszystko w porządku. Komputer dzisiaj był uruchamiany kilkukrotnie( odznaczyłem opcję uruchamiania Ad-Watch razem z systemem, ale gdy go uruchomiłem przypadkiem będąc w programie Ad-Aware wszystkie wpisy wróciły, dlatego teraz jadę bez niego) zastanawiam się czy go nie przeinstaluje jeszcze raz, to znaczy program Ad-Aware. Na razie dzięki za pomoc i uspokojenie mnie że jest wszystko OK.