Proszę o sprawdzenie loga


(KubVard) #1

Od pewnego czasu komputer mi strasznie muli, miałem virusa, a raczej trojana zwiącego się (już dokładnie nie pamiętam) icg00001.exe chyb. Mógłby mi ktoś pomóc? wklejam loga:

Logfile of HijackThis v1.99.1

Scan saved at 21:43:16, on 2006-02-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\explorer.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\HP\hpcoretech\hpcmpmgr.exe

D:\WINDOWS\system32\hphmon06.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\Winamp\winampa.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\KubVard\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: Shell=explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

O4 - HKLM\..\Run: [HPHUPD06] D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021806 serial=DR12WNG-4342981-SQN lang=PL

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F043235-F7BF-43AA-AABE-0735278E49EC}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

(Gutek) #2

plik i folder usuń ręcznie w trybie awaryjnym a wpisy hijackiem


(KubVard) #3

Teraz to wyglada tak:

Logfile of HijackThis v1.99.1

Scan saved at 22:15:20, on 2006-02-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\explorer.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\HP\hpcoretech\hpcmpmgr.exe

D:\WINDOWS\system32\hphmon06.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\Winamp\winampa.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\KubVard\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: Shell=explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

O4 - HKLM\..\Run: [HPHUPD06] D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021806 serial=DR12WNG-4342981-SQN lang=PL

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F043235-F7BF-43AA-AABE-0735278E49EC}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

A nie mam na komputerze tego imb00001.exe :expressionless: więc nie moge go ręcznie ani nijak usunąć ale windows pluje siuę że nie umi go odczytać przy każdym starcie systemu.


(Gutek) #4

Daj log z silenta - LOG z Silent Runners


(KubVard) #5

Jeśli to to: bo dużo tam było tego na stronce:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"ccApp" = "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]

"ccRegVfy" = "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"Odkurzacz-MCD" = "D:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe" ["FranmoSoft"]

"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"HPDJ Taskbar Utility" = "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" ["HP"]

"HPHUPD06" = "D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" ["Hewlett-Packard"]

"HP Software Update" = ""D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]

"HP Component Manager" = ""D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HPHmon06" = "D:\WINDOWS\system32\hphmon06.exe" ["Hewlett-Packard"]

(Gutek) #6

Poczekaj dłużej około 70 secund, program sam skończy prace, log niepełny


(KubVard) #7

Ah fakt... Przepraszam.. już daje pełny.

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"ccApp" = "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]

"ccRegVfy" = "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"Odkurzacz-MCD" = "D:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe" ["FranmoSoft"]

"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"HPDJ Taskbar Utility" = "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" ["HP"]

"HPHUPD06" = "D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" ["Hewlett-Packard"]

"HP Software Update" = ""D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]

"HP Component Manager" = ""D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HPHmon06" = "D:\WINDOWS\system32\hphmon06.exe" ["Hewlett-Packard"]

"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"ISUSPM Startup" = "D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]

"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]

"CorelDRAW Graphics Suite 11b" = "E:\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021806 serial=DR12WNG-4342981-SQN lang=PL" ["Corel Corporation"]

"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

INFECTION WARNING! "Shell" = "explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"" [MS], [file not found], [file not found], [file not found], [file not found], [file not found]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\KubVard\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]



Startup items in "KubVard" & "All Users" startup folders:

---------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files\HP\digital imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"HP Image Zone - szybkie uruchamianie" -> shortcut to: "D:\Program Files\HP\digital imaging\bin\hpqthb08.exe -s" [null data]

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Skanuj komputer" -> launches: "D:\PROGRA~1\NORTON~1\NAVW32.exe /task:D:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

"HP Usg Daily" -> launches: "D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe" [empty string]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{5345A7A9-805A-4923-B505-86B2FEBA3FE0}" = "iMeshBar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL" [file not found]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\


Missing lines (compared with English-language version):

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Pml Driver HPZ12, Pml Driver HPZ12, "D:\WINDOWS\system32\HPZipm12.exe" ["HP"]

Symantec Event Manager, ccEvtMgr, ""D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Usługa Auto-Protect w programie Norton AntiVirus, navapsvc, "D:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt11\Driver = "hpzlnt11.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 48 seconds, including 8 seconds for message boxes)

(Gutek) #8

przejdz do klucza - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon i ma zostać w "Shell" tylko "Shell" = "explorer.exe :wink:


(KubVard) #9

eeeeeeee.... przepraszam ale ja niekumaty jestem, ze mną trzeba jak z dzieckiem, mógłbyś mi to wytłumaczyć?


(Gutek) #10

Otwórz notatnik i wklej:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa


(KubVard) #11

Dziękuje bardzo :]