Problem with


(Patrol69) #1

I have this problem: I went to a web page that took a long time to load, and suddenly, after closing it, I looked at the desktop and all the shortcuts had become unusable (i.e. the icons next to the shortcuts are the "open with..." kind). I don't know what to do any more; I would paste a HijackThis log, but that won't run either, because its icon is the same as all the others.

I'm pasting the Panda online scan here, because nothing else can be done

I'm really, really asking you for help

Zdarzenie  Status  Lokalizacja

Spyware:spyware/dyfuca  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\cfout.txt
Adware:Adware/IST.ISTBar  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\fl1rA29.exe
Adware:Adware/WUpd  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\45M7GXIF\pdfq2lib[1].htm
Adware:Adware/WUpd  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\GPI785YR\bridge-c282[1].cab[MediaGatewayX.dll]
Adware:Adware/WUpd  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\GPI785YR\init[1].js
Adware:Adware/WUpd  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\SX2ZOXYR\go[1].htm
Adware:Adware/WUpd  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\SX2ZOXYR\licznik[1].htm
Adware:Adware/nCase  Nie wyleczalny  C:\Documents and Settings\PatroL\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\SX2ZOXYR\prompt_ie_win[1].js
Adware:Adware/WUpd  Nie wyleczalny  C:\Internet\do wypakowania\backups\backup-20050825-194133-315.dll
Adware:Adware/WUpd  Nie wyleczalny  C:\Internet\do wypakowania\backups\backup-20051009-100003-675.dll
Virus:Trj/Banker.AZG  Zdezynfekowany  C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll
Adware:Adware/Exact.BargainBuddy  Nie wyleczalny  C:\Program Files\Media Gateway\MediaGateway.exe
Adware:Adware/SpySheriff  Nie wyleczalny  C:\Program Files\SpySheriff\heur002.dll
Adware:Adware/SpywareNo  Nie wyleczalny  C:\Program Files\SpySheriff\IESecurity.dll
Adware:Adware/SpywareNo  Nie wyleczalny  C:\Program Files\SpySheriff\ProcMon.dll
Adware:Adware/SpySheriff  Nie wyleczalny  C:\Program Files\SpySheriff\Uninstall.exe
Adware:Adware/WinAD  Nie wyleczalny  C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
Adware:Adware/WUpd  Nie wyleczalny  C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/WinAD  Nie wyleczalny  C:\WINDOWS\Downloaded Program Files\MediaPassX.dll
Spyware:Spyware/New.net  Nie wyleczalny  C:\WINDOWS\NDNuninstall6_38.exe
Dialer:Dialer.DKD  Nie wyleczalny  C:\WINDOWS\system32\countrydial.exe
Adware:adware/wupd  Nie wyleczalny  C:\WINDOWS\system32\ide21201.vxd
Dialer:Dialer.CVM  Nie wyleczalny  C:\WINDOWS\system32\paydial.exe
Adware:adware/cws.searchmeup  Nie wyleczalny  C:\WINDOWS\system32\paytime.exe
Virus:Trj/Banker.AZG  Zdezynfekowany  C:\WINDOWS\Temp\$_2341233.EXE
Adware:Adware/Spywad  Nie wyleczalny  C:\WINDOWS\tool2.exe
Adware:Adware/WUpd  Nie wyleczalny  C:\WINDOWS\WindUp.exe

(Qbek50) #2

post a log:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(Bunio) #3

8)


(Patrol69) #4

exactly!!

I would paste that log, but I can't run any program!!


(Qbek50) #5

see if this one runs:

Click


(Patrol69) #6

it worked, thanks

here's the log

Logfile of HijackThis v1.99.1

Scan saved at 16:37:57, on 2005-10-13

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programki\Panda Antivirus Platinum\pavsrv51.exe

C:\Programki\Panda Antivirus Platinum\AVENGINE.EXE

C:\Programki\Panda Antivirus Platinum\apvxdwin.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Programki\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Internet\hijackthis.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SCANINICIO] "C:\Programki\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Programki\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Overnet] C:\Programki\Overnet0,53a\Overnet.exe -t

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: JTVRemote.lnk = C:\Programki\JTV\JTVRemote.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programki\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programki\Panda Antivirus Platinum\pavsrv51.exe

Merged post: 13.10.2005 (Thu) 16:46

I think the log looks clean, what do you think??

In that case, where can the problem be?


(Gutek) #7

LOG OK, I see you have to do this - clean up in safe mode:

Temp, Temporary Internet Files

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll

C:\Program Files\Media Gateway\MediaGateway.exe

C:\Program Files\SpySheriff\heur002.dll

C:\WINDOWS\Downloaded Program Files\MediaAccX.dll

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll

C:\WINDOWS\Downloaded Program Files\MediaPassX.dll

C:\WINDOWS\NDNuninstall6_38.exe

C:\WINDOWS\system32\countrydial.exe

C:\WINDOWS\system32\ide21201.vxd

C:\WINDOWS\system32\paydial.exe

C:\WINDOWS\system32\paytime.exe

C:\WINDOWS\Temp\$_2341233.EXE

C:\WINDOWS\tool2.exe

C:\WINDOWS\WindUp.exe - as for how to clean up: remove the entries manually

Read: SpySheriff wallpaper: SpySheriff


(Patrol69) #8

should I remove it from the registry (Run --> regedit) or some other way??


(Gutek) #9

What registry? They're on the disk; just go to the location, e.g. C:\Program Files\Media Gateway\MediaGateway.exe


(Patrol69) #10

well, I did exactly as you told me and it's still the same ;(

Merged post: 13.10.2005 (Thu) 17:39

I can't believe that nobody on the forum knows what this could be??

I can't launch anything; only the internet and My Computer work, everything else from Paint to Add/Remove Programs won't start

I'm begging you, help


(Gutek) #11

Post a Silent Runners log


(Patrol69) #12

Maybe one more hint will help you: after I turned on the PC, Ad-Watch reacted and I blocked everything that could be blocked; maybe that's the cause??

what do you think??

Merged post: 13.10.2005 (Thu) 23:01

and here's the log you wanted

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SCANINICIO" = ""C:\Programki\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"]

"APVXDWIN" = ""C:\Programki\Panda Antivirus Platinum\APVXDWIN.EXE" /s" ["Panda Software International"]

"Overnet" = "C:\Programki\Overnet0,53a\Overnet.exe -t" [empty string]

"MediaKey" = "C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE" ["Dritek System Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]

"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "st"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\winacpi.dll" [file not found]

"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{B212D577-05B7-4963-911E-4A8588160DFA}" = "Memory monitor"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\q13935978.dll" [file not found]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

sysacpildap\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\winacpi.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Internet\tapetka.bmp"



Startup items in "PatroL" & "All Users" startup folders:

--------------------------------------------------------


C:\Documents and Settings\PatroL\Menu Start\Programy\Autostart

"JTVRemote" -> shortcut to: "C:\Programki\JTV\JTVRemote.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Panda anti-virus service, PAVSRV, "C:\Programki\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 69 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 16 seconds.

---------- (total run time: 126 seconds)

p.s.

your sig keeps my spirits up and I'm convinced you'll help me!!

A format is completely out of the question


(Gutek) #13

Ad-Watch blocks registry changes; if you changed something, that program restores those entries

Please post a Silent Runners LOG


(Patrol69) #14

above

damn, I hope you'll help me and we'll beat this crap together

It's the first time I've had something this nasty on my PC and I really don't know what to do!!


(Gutek) #15

And there's the junk:

Read: Removing Trojan.Repsamo

After that, a new Silent Runners log!!!


(Patrol69) #16

please send me that Killbox by email, because after downloading it, when I unpack it, it still won't run; here's the address: patrol69@wp.pl

Merged post: 14.10.2005 (Fri) 11:03

well, I did create that FIX.REG file, but when I restart the PC into safe mode and click on that file, it opens in Notepad, and it probably shouldn't open in there; what should I do??

Merged post: 14.10.2005 (Fri) 14:37

I found 2 files named WIBU-SYSTEMS and WIBUKEY; I have no idea where they came from, maybe that's some cause

what do you think, help


(Gutek) #17

Pocket Killbox

As for the FIX.REG file, are you sure you're following the instructions correctly?

The program works for me: Pocket Killbox


(Patrol69) #18

it downloaded for me, but when I tried to unpack it an error occurs and it won't work!!

as for the fix.reg file, I'm 100% doing everything as in the instructions!!

I can't believe that nobody has come across a case like this yet!!

Isn't there another way to delete these infected files??

regedit doesn't work for me either.

Merged post: 14.10.2005 (Fri) 22:13

gutek, I'm waiting for you to come and I hope we'll solve this problem together.

Third day and nothing has changed,

damn, a format is approaching fast, but the PC probably won't survive it


(Gutek) #19

How come you can't create that file? Did you read the instructions carefully?

Post new HijackThis and Silent Runners logs


(Patrol69) #20

yeaaaaaaaaaahhhhhhhhhhhhhh!!!

a week of fighting with all of this, and it paid off: .exe files work

I'm also posting a control Silent Runners log here

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SCANINICIO" = ""C:\Programki\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"]

"APVXDWIN" = ""C:\Programki\Panda Antivirus Platinum\APVXDWIN.EXE" /s" ["Panda Software International"]

"Overnet" = "C:\Programki\Overnet0,53a\Overnet.exe -t" [empty string]

"MediaKey" = "C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE" ["Dritek System Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]

"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{B212D577-05B7-4963-911E-4A8588160DFA}" = "Memory monitor"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\q13935978.dll" [file not found]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Programki\win rar\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Internet\tapetka.bmp"



Startup items in "PatroL" & "All Users" startup folders:

--------------------------------------------------------


C:\Documents and Settings\PatroL\Menu Start\Programy\Autostart

"JTVRemote" -> shortcut to: "C:\Programki\JTV\JTVRemote.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Panda anti-virus service, PAVSRV, "C:\Programki\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 98 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 19 seconds.

---------- (total run time: 158 seconds)

and the HijackThis one

Logfile of HijackThis v1.99.1

Scan saved at 15:06:10, on 2005-10-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programki\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Programki\Overnet0,53a\Overnet.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Programki\JTV\JTVRemote.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programki\Panda Antivirus Platinum\pavsrv51.exe

C:\Programki\Panda Antivirus Platinum\AVENGINE.EXE

C:\Programki\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Programki\totalcmd\TOTALCMD.EXE

C:\Internet\do wypakowania\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SCANINICIO] "C:\Programki\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Programki\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Overnet] C:\Programki\Overnet0,53a\Overnet.exe -t

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: JTVRemote.lnk = C:\Programki\JTV\JTVRemote.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programki\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programki\Panda Antivirus Platinum\pavsrv51.exe

Merged post: 16.10.2005 (Sun) 15:08

gutek, I have one more question for you: which firewall and antivirus would you recommend to me? I've decided to protect myself properly now!!