Mam problem.Miałem wirusa typu not-a-wirus ale wszystkie wykasowałem bo kolega mi wysłał jakąś stronę po chwili pokazały sie wirusy.
Te wirusy zostały usunięte.Lecz gdy wysyłam wiadomośći na gadu do inych to moim znajomym nie pokazują sie wiadomośći.A wczesniej przed wirusami było jeszcze ok.Nie wiem co mam zrobić.
Prosze o szybką odpowiedź
Pokaż logi (hjt + silent) bo może zostały jeszcze jakieś resztki po tych śmieciach o których wspomniałeś.
mialem ten sam problem, wyczyscilem wszysciutko, zapewne ty tez ale problem tkwi w tym ze dostalismy flod bana (czy jakos tak sie to pisze) za spamowanie na gg 
wiec trza poczekac do jutra,narazie nic na to nie poradzisz
Oto logi z HT i Silenta
[qoute]
Logfile of HijackThis v1.99.1
Scan saved at 09:25:28, on 2006-11-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Mouse\MouseDrv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rafał\Moje dokumenty\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM…\Run: [DeluxMouse] C:\Program Files\Mouse\MouseDrv.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
[qoute]
[quote
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“AQQ” = “C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
“kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”]
“DeluxMouse” = “C:\Program Files\Mouse\MouseDrv.exe” [empty string]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{6D0E6651-1CD8-11d6-92C4-0003479E4848}” = “NVIDIA NT4 Multimon Control Panel Extension”
-> {HKLM…CLSID} = “NVIDIA NT4 Multimon Control Panel Extension”
\InProcServer32(Default) = “nvnt4cpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitu”
-> {HKLM…CLSID} = “Eksplorator pulpitu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW”
-> {HKLM…CLSID} = “Ochrona WWW”
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> klogon\DLLName = “C:\WINDOWS\System32\klogon.dll” [“Kaspersky Lab”]
<> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
“ButtonText” = “Ochrona WWW”
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
Kaspersky Anti-Virus 6.0, AVP, “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r” [“Kaspersky Lab”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 105 seconds, including 7 seconds for message boxes)
[qoute]
Złączono Posta : 12.11.2006 (Nie) 9:28
Oto logi z HT i Silenta
[qoute]
Logfile of HijackThis v1.99.1
Scan saved at 09:25:28, on 2006-11-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Mouse\MouseDrv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rafał\Moje dokumenty\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM…\Run: [DeluxMouse] C:\Program Files\Mouse\MouseDrv.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
[qoute]
[quote
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“AQQ” = “C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
“kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”]
“DeluxMouse” = “C:\Program Files\Mouse\MouseDrv.exe” [empty string]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{6D0E6651-1CD8-11d6-92C4-0003479E4848}” = “NVIDIA NT4 Multimon Control Panel Extension”
-> {HKLM…CLSID} = “NVIDIA NT4 Multimon Control Panel Extension”
\InProcServer32(Default) = “nvnt4cpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitu”
-> {HKLM…CLSID} = “Eksplorator pulpitu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW”
-> {HKLM…CLSID} = “Ochrona WWW”
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> klogon\DLLName = “C:\WINDOWS\System32\klogon.dll” [“Kaspersky Lab”]
<> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
“ButtonText” = “Ochrona WWW”
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
Kaspersky Anti-Virus 6.0, AVP, “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r” [“Kaspersky Lab”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 105 seconds, including 7 seconds for message boxes)
[qoute]
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
Problem z tym plikiem HT nie chce gop wykasować a w trybie awaryjnym tez nie chce sie wykasować.Co zrobić z tym jednym plikiem??
Otwórz notatnik i wklej :
Plik --> zapisz jako --> zmień rozszerzenie z .txt na wszystkie pliki --> zapisz jako FIX.BAT --> uruchom w awaryjnym.
Daj wtedy log z Silenta. 
[qoute]
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”]
“DeluxMouse” = “C:\Program Files\Mouse\MouseDrv.exe” [empty string]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{6D0E6651-1CD8-11d6-92C4-0003479E4848}” = “NVIDIA NT4 Multimon Control Panel Extension”
-> {HKLM…CLSID} = “NVIDIA NT4 Multimon Control Panel Extension”
\InProcServer32(Default) = “nvnt4cpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitu”
-> {HKLM…CLSID} = “Eksplorator pulpitu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW”
-> {HKLM…CLSID} = “Ochrona WWW”
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> klogon\DLLName = “C:\WINDOWS\System32\klogon.dll” [“Kaspersky Lab”]
<> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”
-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”
\InProcServer32(Default) = “C:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
“ButtonText” = “Ochrona WWW”
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
Kaspersky Anti-Virus 6.0, AVP, “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r” [“Kaspersky Lab”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 106 seconds, including 3 seconds for message boxes)
[qoute]
Użyj programu Killbox. Uruchamiasz zaznaczasz Delete on reboot, w polu full path of file wklej ścieżkę :
C:\WINDOWS\System32\rpcc.dll
Klikasz X i reset kompa.
I wtedy daj nowy log.
Rafikk Skasuj poniższy wpis w hjt:
No teraz wszytsko działa.Pliczek wykasowany dziex.
kurcze 
ja tez dziś załapałem takiego wirusa , istnieje jakiś prosty sposob aby to naprawić gdyż nie jestem az tak doświadczonym userem, mam windows 2000 i nie wiem nawet jak loga zrobic.Prosze pomozcie mi
dziekuje za podpowiedz 
pozdrowionka dla całego forum