mala.M
(mała.M)
31 Maj 2006 16:51
#1
Witam,
od pewnego czasu nie działa mi żaden komunikator /gg, skype, MSN itd./, ani też przeglądarka IE oraz WMP, podejrzewam że pewnie coś jeszcze jakby szukać dalej…
Problem zawsze jest ten sam: gg czy IE od razu się zamykają i wyskakuje komunikat: “Wystąpił problem z aplikacją … i zostanie ona zamknięta” a błąd dotyczy wininet.dll. Podejrzewam, że może mieć to związek z problemem fałszywej tapety… Raz pojawiła mi się takowa, w rogu ekranu była ikonka unistall, to ją uninstalowałam i myślałam, że po kłopocie… nic bardziej mylnego. Przejrzałam dział dotyczący fałszywych tapet, ale żadnej nie rozpoznałam, ani też nie zauważyłam podobnych błędów w moim logu. Próbowałam przywrócić wininet.dll z płyty instalacyjnej, w cmd pojawił się komunikat: “rozszerzono bajtów 28683 do 601500 przyrost 109%” - czyli operacja się udała? Naprawiałam poprzez ewindo, ale problem nie zniknął.
To jest mój log:
Logfile of HijackThis v1.99.1 Scan saved at 18:53:01, on 2006-05-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WIN\System32\smss.exe C:\WIN\system32\winlogon.exe C:\WIN\system32\services.exe C:\WIN\system32\lsass.exe C:\WIN\system32\svchost.exe C:\WIN\System32\svchost.exe C:\WIN\system32\spoolsv.exe C:\WIN\Explorer.EXE C:\WIN\system32\ntvdm.exe C:\Program Files\Computer Associates\InoculateIT\realmon.exe C:\WIN\system32\rundll32.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Zegarynka\Zegarynka.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WIN\system32\ctfmon.exe C:\install\pogoda\pogoda.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Computer Associates\Alert\ALERT.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe C:\Program Files\Computer Associates\InoculateIT\InoRT.exe C:\Program Files\Computer Associates\InoculateIT\InoTask.exe C:\WIN\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WIN\System32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\WIN\system32\cmd.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\mortas\USTAWI~1\Temp\Rar$EX00.406\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [WIN USB 2.0] winusb.exe O4 - HKLM…\Run: [Winmode] MCupdate.exe O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Realtime Monitor] “C:\Program Files\Computer Associates\InoculateIT\realmon.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM…\Run: [Grokster] C:\PROGRA~1\GROKSTER\GROKSTER.EXE /SYSTRAY O4 - HKLM…\Run: [OSS] C:\WIN\system32\ossproxy.exe -boot O4 - HKLM…\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe O4 - HKLM…\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM…\Run: [apsnorgx] C:\apsnorgx.exe O4 - HKLM…\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [FtkCPY] “C:\Program Files\Common Files\Java\ftkcpy.exe” O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [tvs_b] C:\program files\tvs\tvs_b.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [NeroCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\RunServices: [WIN USB 2.0] winusb.exe O4 - HKLM…\RunServices: [Winmode] MCupdate.exe O4 - HKCU…\Run: [WIN USB 2.0] winusb.exe O4 - HKCU…\Run: [Winmode] MCupdate.exe O4 - HKCU…\Run: [Zegarynka] C:\Zegarynka\Zegarynka.exe O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WIN\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [tray] C:\install\pogoda\pogoda.exe /tray O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing) O9 - Extra ‘Tools’ menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program Files\MultiPoker\MultiPoker.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://arcaonline.arcabit.com O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_20.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_70.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_22.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_29.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 6197003453 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_29.cab O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://67.15.101.3/g_bin/pl/sudoku_2_0_0_7.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_34.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_20.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab O16 - DPF: {CB53713E-8CE4-4571-9A31-98DD999B79D3} (GameDesire Chat Manager) - http://67.15.101.3/g_bin/ginadmin_2_0_0_3.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_23.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CCS\Services\Tcpip…{D8E73941-BE8A-4732-8166-0273A20D026B}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS2\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS3\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\Computer Associates\Alert\ALERT.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\mortas\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe O23 - Service: InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRT.exe O23 - Service: InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoTask.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WIN\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\System32\nvsvc32.exe
Za pomoc z góry dziękuję
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
Ściągnij Windows Woorms Door Cleaner , odpal>>>zmień wszystkie znaczki z disable na enable>>>po użyciu narzedzia wymagany jest reset kompa.
start>>>uruchom>>>services.msc>>>zatrzymaj i wyłącz hpdj
1.Startujesz do trybu awaryjnego
2.Wyłanczasz przywracanie systemu (tylko Me/Xp)
3.Kasujesz wpisy w HijackThis
4.Kasujesz pogrubione pliki/foldery
5.Dajesz nowy log z hjt + log z Silent Runners
mala.M
(mała.M)
31 Maj 2006 19:05
#3
Dziękuję bardzo za szybką odpowiedź to są moje nowe logi:
Logfile of HijackThis v1.99.1 Scan saved at 21:06:15, on 2006-05-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WIN\System32\smss.exe C:\WIN\system32\winlogon.exe C:\WIN\system32\services.exe C:\WIN\system32\lsass.exe C:\WIN\system32\svchost.exe C:\WIN\System32\svchost.exe C:\WIN\system32\spoolsv.exe C:\WIN\Explorer.EXE C:\WIN\system32\ntvdm.exe C:\Program Files\Computer Associates\InoculateIT\realmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WIN\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Zegarynka\Zegarynka.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WIN\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\install\pogoda\pogoda.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Computer Associates\Alert\ALERT.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe C:\Program Files\Computer Associates\InoculateIT\InoRT.exe C:\Program Files\Computer Associates\InoculateIT\InoTask.exe C:\WIN\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WIN\System32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WIN\system32\NOTEPAD.EXE C:\Documents and Settings\mortas\Pulpit\Naprawa systemu\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Realtime Monitor] “C:\Program Files\Computer Associates\InoculateIT\realmon.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM…\Run: [Grokster] C:\PROGRA~1\GROKSTER\GROKSTER.EXE /SYSTRAY O4 - HKLM…\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [NeroCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKCU…\Run: [Zegarynka] C:\Zegarynka\Zegarynka.exe O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WIN\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [tray] C:\install\pogoda\pogoda.exe /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://arcaonline.arcabit.com O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_20.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_70.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_22.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_29.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 6197003453 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_29.cab O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://67.15.101.3/g_bin/pl/sudoku_2_0_0_7.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_34.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_20.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab O16 - DPF: {CB53713E-8CE4-4571-9A31-98DD999B79D3} (GameDesire Chat Manager) - http://67.15.101.3/g_bin/ginadmin_2_0_0_3.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_23.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CCS\Services\Tcpip…{D8E73941-BE8A-4732-8166-0273A20D026B}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS2\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS3\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\Computer Associates\Alert\ALERT.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\mortas\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe O23 - Service: InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRT.exe O23 - Service: InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoTask.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WIN\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\System32\nvsvc32.exe
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Zegarynka” = “C:\Zegarynka\Zegarynka.exe” [null data] “MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [MS] “ctfmon.exe” = “C:\WIN\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com ”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “tray” = “C:\install\pogoda\pogoda.exe /tray” [“Pogoda Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NVMixerTray” = ““C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”” [“NVIDIA Corporation”] “NvCplDaemon” = “RUNDLL32.EXE C:\WIN\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WIN\System32\NvMcTray.dll,NvTaskbarInit” [MS] “Realtime Monitor” = ““C:\Program Files\Computer Associates\InoculateIT\realmon.exe”” [“Computer Associates International, Inc.”] “SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe” [null data] “Grokster” = “C:\PROGRA~1\GROKSTER\GROKSTER.EXE /SYSTRAY” [file not found] “NeroFilterCheck” = “C:\WIN\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “zSPGuard” = "c:\program files\pjw\spguard\spguard.exe /s " [file not found] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “FineReader7NewsReaderPro” = “C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe” [“ABBYY (BIT Software)”] “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [file not found] “iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “NeroCheck” = “C:\WIN\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [file not found] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WIN\system32\shmgrate.exe OCInstallUserConfigIE” [MS] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WIN\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WIN\System32\hticons.dll” [“Hilgraeve, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WIN\System32\nvcpl.dll” [“NVIDIA Corporation”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WIN\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WIN\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WIN\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WIN\System32\nvshell.dll” [“NVIDIA Corporation”] “{DCED20BE-3645-11D4-BC95-00C04F0E0588}” = “InoShell” -> {HKLM…CLSID} = “InoShell” \InProcServer32(Default) = “C:\Program Files\Computer Associates\InoculateIT\InoShell.dll” [“Computer Associates International, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{AB77609F-2178-4E6F-9C4B-44AC179D937A}” = “a˛ Context Menu Shell Extension” -> {HKLM…CLSID} = “a˛ Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL” [null data] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WIN\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WIN\system32\Audiodev.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “Skladnik rozszerzenia powloki CorelDRAW” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “C:\Program Files\Corel11\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll” [null data] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WIN\system32\browseui.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] InoShell(Default) = “{DCED20BE-3645-11D4-BC95-00C04F0E0588}” -> {HKLM…CLSID} = “InoShell” \InProcServer32(Default) = “C:\Program Files\Computer Associates\InoculateIT\InoShell.dll” [“Computer Associates International, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] InoShell(Default) = “{DCED20BE-3645-11D4-BC95-00C04F0E0588}” -> {HKLM…CLSID} = “InoShell” \InProcServer32(Default) = “C:\Program Files\Computer Associates\InoculateIT\InoShell.dll” [“Computer Associates International, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu(Default) = “{AB77609F-2178-4E6F-9C4B-44AC179D937A}” -> {HKLM…CLSID} = “a˛ Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL” [null data] FineReader(Default) = “{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}” -> {HKLM…CLSID} = “FineReaderExplorerContextMenuHandler” \InProcServer32(Default) = “c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll” [“ABBYY (BIT Software)”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\mortas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “mortas” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users.WIN\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}(Default) = (no title provided) -> {HKLM…CLSID} = “ShopperReports – Price Comparison” \InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll” [file not found] {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}(Default) = (no title provided) -> {HKLM…CLSID} = “ShopperReports – Price Comparison” \InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” -> {HKLM…CLSID} = “Web Browser Applet Control” \InProcServer32(Default) = “C:\WIN\System32\msjava.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {946B3E9E-E21A-49C8-9F63-900533FAFE14}\ “ButtonText” = “ShopperReports - Compare product prices” “CLSIDExtension” = “{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}” -> {HKLM…CLSID} = “IEButton” \InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll” [file not found] {946B3E9E-E21A-49C8-9F63-900533FAFE15}\ “ButtonText” = “ShopperReports - Compare travel rates” “CLSIDExtension” = “{454b4812-e572-4703-a1bb-63490809eac0}” -> {HKLM…CLSID} = “IEButtonA” \InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll” [file not found] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Alert Notification Server, Alert Notification Server, ““C:\Program Files\Computer Associates\Alert\ALERT.EXE”” [“Computer Associates International, Inc.”] Event Log Watch, LogWatch, “C:\WIN\LogWatNT.exe” [null data] ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] InoculateIT Job Server, InoTask, ““C:\Program Files\Computer Associates\InoculateIT\InoTask.exe”” [“Computer Associates International, Inc.”] InoculateIT Realtime Server, InoRT, ““C:\Program Files\Computer Associates\InoculateIT\InoRT.exe”” [“Computer Associates International, Inc.”] InoculateIT RPC Server, InoRPC, ““C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe”” [“Computer Associates International, Inc.”] iPodService, iPodService, “C:\Program Files\iPod\bin\iPodService.exe” [“Apple Computer, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WIN\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WIN\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt09\Driver = “hpzlnt09.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 34 seconds, including 10 seconds for message boxes)
start>>>uruchom>>>services.msc>>>zatrzymaj i wyłącz hpdj
skasuj w hjt:
wyczyść katalog temp
Przeczyść rejestr np. programem jv16 PowerTools 1.3.0.195
mala.M
(mała.M)
31 Maj 2006 20:21
#5
wszystko zrobiłam, rejestr wyczyszczony, dalej zgłasza problem z wininet.dll
Logfile of HijackThis v1.99.1 Scan saved at 22:22:14, on 2006-05-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WIN\System32\smss.exe C:\WIN\system32\winlogon.exe C:\WIN\system32\services.exe C:\WIN\system32\lsass.exe C:\WIN\system32\svchost.exe C:\WIN\System32\svchost.exe C:\WIN\system32\spoolsv.exe C:\WIN\Explorer.EXE C:\WIN\system32\ntvdm.exe C:\Program Files\Computer Associates\InoculateIT\realmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WIN\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Zegarynka\Zegarynka.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WIN\system32\ctfmon.exe C:\install\pogoda\pogoda.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Computer Associates\Alert\ALERT.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe C:\Program Files\Computer Associates\InoculateIT\InoRT.exe C:\Program Files\Computer Associates\InoculateIT\InoTask.exe C:\WIN\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WIN\System32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\mortas\Pulpit\Naprawa systemu\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Realtime Monitor] “C:\Program Files\Computer Associates\InoculateIT\realmon.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM…\Run: [Grokster] C:\PROGRA~1\GROKSTER\GROKSTER.EXE /SYSTRAY O4 - HKLM…\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [NeroCheck] C:\WIN\system32\NeroCheck.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKCU…\Run: [Zegarynka] C:\Zegarynka\Zegarynka.exe O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WIN\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [tray] C:\install\pogoda\pogoda.exe /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WIN\System32\msjava.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://arcaonline.arcabit.com O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_20.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_70.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_22.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_29.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 6197003453 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_29.cab O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://67.15.101.3/g_bin/pl/sudoku_2_0_0_7.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_34.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_20.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab O16 - DPF: {CB53713E-8CE4-4571-9A31-98DD999B79D3} (GameDesire Chat Manager) - http://67.15.101.3/g_bin/ginadmin_2_0_0_3.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_23.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CCS\Services\Tcpip…{D8E73941-BE8A-4732-8166-0273A20D026B}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS2\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O17 - HKLM\System\CS3\Services\Tcpip…{23E7C99F-DD73-4338-9AA0-48CE3FEB42D3}: NameServer = 10.0.0.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\Computer Associates\Alert\ALERT.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRpc.exe O23 - Service: InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoRT.exe O23 - Service: InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\Computer Associates\InoculateIT\InoTask.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WIN\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\System32\nvsvc32.exe
Bieniol
(Bbieniol)
31 Maj 2006 20:32
#6
Otwórz notatnik i wklej w nim to:
Plik --> zapisz jako --> zmień rozszerzenie na wszystkie pliki --> zapisz pod nazwą FIX.REG
Usuwasz ręcznie z dysku (o ile będzie) folder:
C:\Program Files\ ShopperReports
W trybie awaryjnym odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
1. Umieszczasz CD Windowsa w napędzie. 2. Start >>> Uruchom >>> cmd i wpisujesz komendę: EXPAND X:\i386\WININET.DL_ C:\WINDOWS\SYSTEM32\WININET.DLL X - tu podstawiasz literę CD-ROMu, użytkownicy Windows 2000 oczywiście wpisują C:\WINNT zamiast C:\WINDOWS. Jeśli to zawiedzie należy uruchomić z CD XP tzw. Konsolę Odzyskiwania i wpisać w jej linii komend: EXPAND X:\i386\WININET.DL_ C:\WINDOWS\SYSTEM32
mala.M
(mała.M)
1 Czerwiec 2006 12:57
#7
zmagań ciąg dalszy…
Bieniol zrobiłam tak jak napisałeś FIX.REG dodany do rejestru jeśli chodzi o winninet.dll to tak jak już pisałam próbowałam go odzyskać z płyty CD Windowsa, ale nic to nie pomogło… :?
mala.M
(mała.M)
1 Czerwiec 2006 13:36
#9
Użyłam SmithraudFix… niestety nic…
pytanie takie nie padło
SmitFraudFix v2.53 Scan done at 15:20:46,82, 2006-06-01 Run from C:\Documents and Settings\mortas\Pulpit\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End