Please help me solve my problem. HijackThis log


(Szefu18) #1

Warm greetings.

Today, while I was trying to download a program from a certain non-commercial site, a not very friendly ad showed up on my computer. On top of that, as far as the internet goes, there is constant upload and the connection hangs. Moreover, when I try to scan the computer with CWSreader or Spybot, the computer freezes, followed by instant death and a restart :)

I've had enough of all this; I have tried many online scanners, Ad-Aware and other contraptions of that kind :) Below is the HijackThis log and a screenshot of the "charming" ad :) I'll add that it is not part of Active Desktop. AS FOR THE SCREENSHOT, please send me a PM and I will pass it on.

As for Silent Runners, during the scan I got a message with this content:

“The ‘Silent Runners.vbs’ was closed by rbvflra.exe”. However, it did generate something and a file appeared; I don't know whether it is complete, but… adding it won't hurt :)

And here are the logs themselves:

Logfile of HijackThis v1.99.1

Scan saved at 01:20:54, on 2005-12-17

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\csrss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\System32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\HHVcdV7Sys\VC7SecS.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\explorer.exe

E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\PROGRA~1\NEOSTR~1\CnxMon.exe

E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

E:\Program Files\D-Tools\daemon.exe

E:\Program Files\HHVcdV7Sys\VC7Play.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

E:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Motorola\A925 Desktop Suite\ConnMngmntBox.exe

E:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe

C:\Program Files\Virtual CD v7\System\VC7Tray.exe

E:\WINDOWS\System32\wuauclt.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\WINDOWS\System32\wbem\wmiprvse.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\WINDOWS\system32\NOTEPAD.EXE

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Documents and Settings\Master\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VC7Player] E:\Program Files\HHVcdV7Sys\VC7Play.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [Microsoft Windows Logon Process] iwinlogon.exe

O4 - HKLM\..\Run: [SysMemory manager] e:\windows\system32\mdms.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [Microsoft Windows Logon Process] iwinlogon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [rdavoxj] e:\windows\ketjdge.exe

O4 - HKCU\..\Run: [ajltjmx] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [esdecng] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [wrpjkey] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [wlappdd] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [iwwxhvd] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [dshfocn] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [uejipms] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [ejkkvjw] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [ubfpvbg] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [wcrfsug] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [smervgv] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [dllnupj] e:\windows\rbvflra.exe

O4 - HKCU\..\Run: [cliwldt] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [qxgmryk] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [pwuktib] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [qdkusja] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [xgjtjei] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [fkstsnt] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [srwphth] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [tkvqdfr] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [snfvqpk] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [xpqjtbh] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [nkrtcaq] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [sdesjst] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [kcssrsc] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [elrcvmx] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [vxwcxok] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [jmcnfmh] e:\windows\xysjkei.exe

O4 - HKCU\..\Run: [ubnooof] e:\windows\jglvstr.exe

O4 - HKCU\..\Run: [gpymmor] e:\windows\jglvstr.exe

O4 - HKCU\..\Run: [ytrkwgu] e:\windows\ssqwdvf.exe

O4 - HKCU\..\Run: [anfcftg] e:\windows\ssqwdvf.exe

O4 - HKCU\..\Run: [stkaobw] e:\windows\ssqwdvf.exe

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: A925 Connection Manager.lnk = ?

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} - 

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68473299-8E93-4F3D-8ACD-2CE062B01FBA}: NameServer = 85.255.115.115 85.255.112.24

O20 - Winlogon Notify: printpnp - E:\WINDOWS\SYSTEM32\printpnp.dll

O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Program Files\NetLimiter 2 Lite\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - E:\Program Files\HHVcdV7Sys\VC7SecS.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

And the Silent Runners log:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"rdavoxj" = "e:\windows\ketjdge.exe" [file not found]

"ajltjmx" = "e:\windows\rbvflra.exe" [file not found]

"esdecng" = "e:\windows\rbvflra.exe" [file not found]

"wrpjkey" = "e:\windows\rbvflra.exe" [file not found]

"wlappdd" = "e:\windows\rbvflra.exe" [file not found]

"iwwxhvd" = "e:\windows\rbvflra.exe" [file not found]

"dshfocn" = "e:\windows\rbvflra.exe" [file not found]

"uejipms" = "e:\windows\rbvflra.exe" [file not found]

"ejkkvjw" = "e:\windows\rbvflra.exe" [file not found]

"ubfpvbg" = "e:\windows\rbvflra.exe" [file not found]

"wcrfsug" = "e:\windows\rbvflra.exe" [file not found]

"smervgv" = "e:\windows\rbvflra.exe" [file not found]

"dllnupj" = "e:\windows\rbvflra.exe" [file not found]

"cliwldt" = "e:\windows\xysjkei.exe" [file not found]

"qxgmryk" = "e:\windows\xysjkei.exe" [file not found]

"pwuktib" = "e:\windows\xysjkei.exe" [file not found]

"qdkusja" = "e:\windows\xysjkei.exe" [file not found]

"xgjtjei" = "e:\windows\xysjkei.exe" [file not found]

"fkstsnt" = "e:\windows\xysjkei.exe" [file not found]

"srwphth" = "e:\windows\xysjkei.exe" [file not found]

"tkvqdfr" = "e:\windows\xysjkei.exe" [file not found]

"snfvqpk" = "e:\windows\xysjkei.exe" [file not found]

"xpqjtbh" = "e:\windows\xysjkei.exe" [file not found]

"nkrtcaq" = "e:\windows\xysjkei.exe" [file not found]

"sdesjst" = "e:\windows\xysjkei.exe" [file not found]

"kcssrsc" = "e:\windows\xysjkei.exe" [file not found]

"elrcvmx" = "e:\windows\xysjkei.exe" [file not found]

"vxwcxok" = "e:\windows\xysjkei.exe" [file not found]

"jmcnfmh" = "e:\windows\xysjkei.exe" [file not found]

"ubnooof" = "e:\windows\jglvstr.exe" [file not found]

"gpymmor" = "e:\windows\jglvstr.exe" [file not found]

"ytrkwgu" = "e:\windows\ssqwdvf.exe" [file not found]

"anfcftg" = "e:\windows\ssqwdvf.exe" [file not found]

"stkaobw" = "e:\windows\ssqwdvf.exe" [file not found]

"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"desktop" = "E:\WINDOWS\System32\idemlog.exe" [empty string]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"WooCnxMon" = "E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "E:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"SpeedTouch USB Diagnostics" = ""E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"DAEMON Tools-1033" = ""E:\Program Files\D-Tools\daemon.exe" -lang 1033" ["VeNoM386 and SwENSkE"]

"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"VC7Player" = "E:\Program Files\HHVcdV7Sys\VC7Play.exe" ["H+H Software GmbH"]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"adiras" = "adiras.exe" [file not found]

" Microsoft Windows Logon Process" = "iwinlogon.exe" [null data]

"SysMemory manager" = "e:\windows\system32\mdms.exe" [file not found]

"dmuns.exe" = "E:\WINDOWS\System32\dmuns.exe" [null data]

"KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

"{EC10012C-A920-4DBE-A13A-AB798F48E4FD}" = "My A925"

  -> {CLSID}\InProcServer32\(Default) = "c:\PROGRA~1\Motorola\A925DE~1\pw32expl.dll" ["Motorola, Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

INFECTION WARNING! "System" = "csaul.exe" [null data]


HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * PFDNNT E:\WINDOWS\SYSTEM32\WINACPI.DLL" [file not found], [MS], [file not found], [file not found], [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! printpnp\DLLName = "printpnp.dll" [**WMI GetObject error**]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "E:\Documents and Settings\Master\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "E:\WINDOWS\System32\ssbezier.scr" [MS]



Startup items in "Master" & "All Users" startup folders:

--------------------------------------------------------


E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart

"A925 Connection Manager" -> shortcut to: "C:\Program Files\Motorola\A925 Desktop Suite\ConnMngmntBox.exe" [empty string]



Enabled Scheduled Tasks:

------------------------


"XoftSpy" -> launches: "E:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]

"mks_vir - Zadanie 0" -> launches: "E:\Program Files\MKS\Bin\mks_virw.exe /profil:"Skanowanie wybranych dysków"" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

BlueSoleil Hid Service, BlueSoleil Hid Service, "E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service" ["Agnitum"]

Virtual CD v7 Management Service, VC7SecS, "E:\Program Files\HHVcdV7Sys\VC7SecS.exe" ["H+H Software GmbH"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 47 seconds, including 12 seconds for message boxes)

Best regards, and I'm waiting for a quick reply :)


(Gutek) #2

Of course I didn't want to mark every entry: from O4 - HKCU…\Run: [rdavoxj] e:\windows\ketjdge.exe to O4 - HKCU…\Run: [stkaobw] e:\windows\ssqwdvf.exe; the files that come after e:\windows… you delete

  1. Disable System Restore in XP HERE

  2. Boot into safe mode without internet (described in the link above).

  3. Select the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  4. Delete from the disk the files and folders that I underlined in red

  5. Finish off with online scanners - Scanners to choose from

  6. Show a new log :P

apply the removal guides Removing Trojan.Repsamo and Removing the fake SlimShield wallpaper

read Removing VX2.BetterInternet and post log no. 1 from the L2Mfix tool