Przestaly dzialac wszystkie narzędzia systemowe

upx32 · 11 Lipiec 2006 11:16

Mam taki problem, zawsze jak wlącze internet odrazu pokazuje mi avast że wykryto 2 wirusy. Trochę mnie to zaczęło niepokoić, chciałem zajrzeć do loga z HijackThis ale okazało się to nie możliwe ponieważ program włącza sie na 1 sekunde i wyłącza sie tak ze nie można nic zrobić (

Jednak udało mi się jakoś uruchomić program SillentRunners daje więc z niego tylko log i bardzo proszę o pomoc.

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Free Download Manager” = “C:\Program Files\Free Download Manager\fdm.exe -autorun” [null data] “Microsoft Configure” = “msconfigures.exe” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe” [“Sun Microsystems, Inc.”] “Microsoft Configure” = “msconfigures.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) - {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” - {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” - {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” - {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” - {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” - {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Witkowscy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Witkowscy” “All Users” startup folders: ----------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” - shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}” - {HKLM…CLSID} = “Java Plug-in 1.5.0_07” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 50 seconds, including 4 seconds for message boxes)

Gutek · 11 Lipiec 2006 11:43

Sprawdź w trybie awaryjnym czy nie ma pliku: C:\WINDOWS\system32\ msconfigures.exe jak jest usuń

otwórz notatnik i wklej:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

upx32 · 11 Lipiec 2006 13:29

Wielkie dzięki za pomoc, już wszystko jest w porządku.

Daje jeszcze dla pewnosci nowe logi, i chciałbym jeszcze wyjaśnić pewną sytuację, w jednym z nich.

Logfile of HijackThis v1.99.1 Scan saved at 15:28:52, on 2006-07-11 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Free Download Manager\fdm.exe C:\Windows\system32\cmd.exe C:\Windows\system32\ftp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Instalki\Bezpieczeństwo\Generowanie Loga\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O17 - HKLM\System\CCS\Services\Tcpip…{724EB859-9296-4AF7-99B6-7F5D0F527869}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Wpisy ktore wyróżniłem na czerwono, pojawiają się raz , a raz nie najczęsciej kiedy gram w Tibie są. NIe rozumiem tego ponieważ nie kożystam wtedy z żadnego serwera ftp ani niczego takiego, a te wpisy strasznie ciązą mi procesor. Proszę o pomoc.

Jeszcze log z SillentRunners:

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Free Download Manager” = “C:\Program Files\Free Download Manager\fdm.exe -autorun” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Witkowscy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Witkowscy” & “All Users” startup folders: ----------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_07” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 51 seconds, including 4 seconds for message boxes)

Pozdrawiam

InfinityToJa · 11 Lipiec 2006 13:35

W logach czysto,

Mogą je wykorzystywać trojany, przeskanuj Skanerami online i http://www.ewido.net

upx32 · 12 Lipiec 2006 10:45

Przeskanowalem ArcaMicroScan, znalazło mi całą mase różnych wirusów.

Usunołem je, i co z tego ciagle tworzą mi sie na nowo pozatym problem że nie mozna wlączac tych narzędzi znowu się pojawił

Więc nie pozostaję mi nic innego jak dać znowu loga…

Czemu ciągle łapie te wirusy? Na dodatek na dysku C ciągle pojawiają mi się jakieś dziwne pliki typu navy.exe, lup.exe, mvks.exe itp, wszystkie mają jednakową ikonkę takiej jak by zielonej krreski na jakims białym kwadracie. tera jak włączyłem kąmpa avast mi pokazał że znaleziono 6 wirusów. Generalnie w logu z HijackThis ciągle mi się pojawiają jakies wpisy których nie powinno być i ja ciągle je usówam a one ciągle pojawiają się na nowo, nie ma dnia żebym nie usówał czegos z utostartu.

Proszę o pomoc

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Free Download Manager” = “C:\Program Files\Free Download Manager\fdm.exe -autorun” [null data] “Microsoft Configure” = “msconfigures.exe” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe” [“Sun Microsystems, Inc.”] “Microsoft Configure” = “msconfigures.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! “BootExecute” = “autocheck autochk * aswBoot.exe /M:2a95253a” [file not found], [MS], [file not found], [null data], [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Witkowscy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Witkowscy” & “All Users” startup folders: ----------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_07” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ INFECTION WARNING! The running services cannot be counted. Presence of a spyware service is suspected. The script has been forced to exit. ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box.

InfinityToJa · 12 Lipiec 2006 13:38

W logu pojawił się ten sam syf.

Ściągnij Windows Woorms Door Cleaner, odpal>>>zmień wszystkie znaczki z disable na enable>>>po użyciu narzedzia wymagany jest reset kompa.

Skasuj plik C:\WINDOWS\System32\msconfigures.exe

Otwórz notatnik i wklej:

Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom w trybie awaryjnym

skasuj te pliki w trybie awaryjnym

upx32 · 12 Lipiec 2006 14:18

Mam to zrobione już od dawna.

Kasowałem już w trybie awaryjnym te pliki nie raz. Nic to nie daje.

A co z tym? To wygląda na niezły syf.

InfinityToJa · 12 Lipiec 2006 15:46

Hmm może ma ukrytą usługę,

Daj log z Gmer’a, ściągnij>>>uruchom>>>przejdź do zakładki “rootkit”>>>wybierz “szukaj”>>>czekaż cierpliwie aż program zakończy prace>>>klikasz “kopiuj”>>>ctrl + v i wklej do posta.

Później robisz jeszcze jednego loga, ale zaznacz tylko usługi + pokaż wszystko

standardowe Hijackthis i silent runners

upx32 · 12 Lipiec 2006 18:28

Nie ma czego wkleiać. Program nic nie wykrył.

Logfile of HijackThis v1.99.1 Scan saved at 20:25:24, on 2006-07-12 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ntvdm.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe D:\Instalki\Bezpieczeństwo\Generowanie Loga\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM…\Run: [WinDLL (wsync32.dll)] rundll32.exe C:\WINDOWS\System32\wsync32.dll,start Zobacz, przed chwilą pwszystko bylo dobrze, mineła chwila i już jest jakis syf. Mam tego dosyć… O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O17 - HKLM\System\CCS\Services\Tcpip…{724EB859-9296-4AF7-99B6-7F5D0F527869}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Tym razem nie moge uruchomić SillentRunners

Dam zamiast tego L2MFIX może to coś wyjaśni.

L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta wˆa˜ciwo˜ci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona wˆa˜ciwo˜ci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powˆoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wy˜wietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wy˜wietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usˆugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodno˜ci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsˆugi danych wycinkowych powˆoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powˆoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powˆoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powˆoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powˆoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoˆĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoˆĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powˆoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsˆuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsˆuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powˆoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powˆoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“Pasek wyszukiwania” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupeˆnianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeˆniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeˆniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ˜ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeˆniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeˆniania folderu powˆoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeˆniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powˆoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powˆoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“Historia” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Tymczasowe pliki internetowe” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“Folder pami©ci podr©cznej ActiveX” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Folder subskrypcji” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powˆoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsˆugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powˆoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usˆugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}”=“Plik kanaˆu” “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}”=“Skr˘t kanaˆu” “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}”=“Obiekt obsˆugi kanaˆu” “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}”=“Channel Menu” “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}”=“Channel Properties” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Play as Playlist Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{472083B0-C522-11CF-8763-00608CC02F24}”=“avast” “{A70C977A-BF00-412C-90B7-034C51DA2439}”=“NvCpl DesktopContext Class” “{FFB699E0-306A-11d3-8BD1-00104B6F7516}”=“Play on my TV helper” “{1CDB2949-8F65-4355-8456-263E7C208A5D}”=“Desktop Explorer” “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}”=“Desktop Explorer Menu” “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}”=“nView Desktop Context Menu” “{23170F69-40C1-278A-1000-000100020000}”=“7-Zip Shell Extension” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ byxywxv.dll Wed 2006-06-28 21:02:18 …SH. 39 437 38,51 K cbxxyvs.dll Wed 2006-06-28 20:51:42 …SH. 39 437 38,51 K px.dll Tue 2006-05-16 22:23:54 … 430 080 420,00 K pxdrv.dll Tue 2006-05-16 22:23:54 … 450 560 440,00 K pxmas.dll Tue 2006-05-16 22:23:54 … 176 128 172,00 K pxsfs.dll Tue 2006-05-16 22:23:54 … 1 257 472 1,20 M pxwave.dll Tue 2006-05-16 22:23:56 … 339 968 332,00 K vxblock.dll Tue 2006-05-16 22:23:56 … 28 672 28,00 K wsync32.dll Wed 2006-07-12 20:21:42 …SH. 95 744 93,50 K 9 items found: 9 files (3 H/S), 0 directories. Total of file sizes: 2 857 498 bytes 2,72 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 2CB6-BE81 Katalog: C:\WINDOWS\System32 2006-07-12 20:21 95˙744 wsync32.dll 2006-06-28 21:02 39˙437 byxywxv.dll 2006-06-28 20:51 39˙437 cbxxyvs.dll 2006-06-26 13:27 3 plik(˘w) 174˙618 bajt˘w 1 katalog(˘w) 9˙246˙511˙104 bajt˘w wolnych

Nie mam pojęcia z kąd te wsztstkie wirusy, ja na żadnych pornolach nie siedze ani zadnych dziwnych stronach.

A teraz, żeby bylo śmieszniej przedstawiam wam screen z Hijacka z mojej listy Backup:

:x

InfinityToJa · 12 Lipiec 2006 19:19

masz zaznaczyć usługi + pokazuj wszystko i wklej .

skoro wszystko i tak wraca, to nie ma sensu narazie ruszać wpisów/plików, które pokazał hjt i l2mfix

upx32 · 12 Lipiec 2006 20:03

OK tu masz same Usługi:

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-12 21:47:17 Windows 5.1.2600 ---- Services - GMER 1.0.10 ---- Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\win32host.exe [DISABLED] Win32Kernel Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC ---- EOF - GMER 1.0.10 ----

A tu wszystko:

(Jest tego w cholere jasną) Poniewaz wszystko się niezmiescilo (obcielo mi posta) reszta w nastęonym poscie

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-12 21:57:16 Windows 5.1.2600 ---- System - GMER 1.0.10 ---- INT 0x00 \WINDOWS\system32\ntoskrnl.exe 804D59B2 INT 0x01 \WINDOWS\system32\ntoskrnl.exe 804D5B06 INT 0x03 \WINDOWS\system32\ntoskrnl.exe 804D5E2E INT 0x04 \WINDOWS\system32\ntoskrnl.exe 804D5F96 INT 0x05 \WINDOWS\system32\ntoskrnl.exe 804D60DE INT 0x06 \WINDOWS\system32\ntoskrnl.exe 804D6242 INT 0x07 \WINDOWS\system32\ntoskrnl.exe 804D681E INT 0x09 \WINDOWS\system32\ntoskrnl.exe 804D6C41 INT 0x0A \WINDOWS\system32\ntoskrnl.exe 804D6D49 INT 0x0B \WINDOWS\system32\ntoskrnl.exe 804D6E75 INT 0x0C \WINDOWS\system32\ntoskrnl.exe 804D7042 INT 0x0D \WINDOWS\system32\ntoskrnl.exe 804D7310 INT 0x0E \WINDOWS\system32\ntoskrnl.exe 804D79A4 INT 0x0F \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x10 \WINDOWS\system32\ntoskrnl.exe 804D7E58 INT 0x11 \WINDOWS\system32\ntoskrnl.exe 804D7F78 INT 0x12 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x13 \WINDOWS\system32\ntoskrnl.exe 804D80C8 INT 0x14 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x15 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x16 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x17 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x18 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x19 \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1A \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1B \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1C \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1D \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1E \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x1F \WINDOWS\system32\hal.dll 806B7150 INT 0x2A \WINDOWS\system32\ntoskrnl.exe 804D525E INT 0x2B \WINDOWS\system32\ntoskrnl.exe 804D5354 INT 0x2C \WINDOWS\system32\ntoskrnl.exe 804D54C4 INT 0x2D \WINDOWS\system32\ntoskrnl.exe 804D5D1E INT 0x2E \WINDOWS\system32\ntoskrnl.exe 804D4DCD INT 0x2F \WINDOWS\system32\ntoskrnl.exe 804D7D50 INT 0x30 \WINDOWS\system32\ntoskrnl.exe 804D44B0 INT 0x31 \WINDOWS\system32\ntoskrnl.exe 804D44BA INT 0x32 \WINDOWS\system32\ntoskrnl.exe 804D44C4

Gutek · 12 Lipiec 2006 20:27

Usuwałem zdrowe fragmenty aby forum się nie rozjechało, nic nie widać

InfinityToJa · 12 Lipiec 2006 21:22

hmm, nie ma usług, ciekawe z czego się ładuje

Ściągnij Pocket Killbox>>>uruchom>>>zaznacz opcje “Delete on Reboot” i “all files”>>>w polu “Full path of file” wklej ścieżki:

Po wklejeniu każdej ścieżki z osobna klikasz X, dopiero gdy wkleisz ostatnią ścieżkę, zgadzasz się na restart kompa.

skasuj wpis, w backup skasuj wszystkie wpisy.

Wklej nowe logi hijackthis + silent runners

upx32 · 13 Lipiec 2006 08:28

Ok,zrobiłem

Niestety dało to efekt połowiczny, z tych 2 plików które na dysku C po usunięciu pojawiały się na nowo, teraz pojawia się tylko 1.

Jest jednak jeszcze jeden problem: taka informacja pokazuje mi się przy starcie systemu.

Daje logi jak prosiłeś:

Logfile of HijackThis v1.99.1 Scan saved at 10:24:36, on 2006-07-13 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Instalki\Bezpieczeństwo\Generowanie Loga\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM…\Run: [WinDLL (wsync32.dll)] rundll32.exe C:\WINDOWS\System32\wsync32.dll,start O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU…\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Link to MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O17 - HKLM\System\CCS\Services\Tcpip…{724EB859-9296-4AF7-99B6-7F5D0F527869}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [** WMI GetObject error **] “Free Download Manager” = “C:\Program Files\Free Download Manager\fdm.exe -autorun” [** WMI GetObject error **] “Gadwin PrintScreen 3.1” = “C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash” [** WMI GetObject error **] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [** WMI GetObject error **] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [** WMI GetObject error **] “nwiz” = “nwiz.exe /install” [** WMI GetObject error **] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [** WMI GetObject error **] “SoundMan” = “SOUNDMAN.EXE” [** WMI GetObject error **] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [** WMI GetObject error **] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe” [** WMI GetObject error **] “WinDLL (wsync32.dll)” = “rundll32.exe C:\WINDOWS\System32\wsync32.dll,start” [** WMI GetObject error **] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [** WMI GetObject error **] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) - {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [** WMI GetObject error **] {EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = “Kwyshell MidpX BHO” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [** WMI GetObject error **] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{00022613-0000-0000-C000-000000000046}” = “Karta właściwości pliku multimedialnego” - {HKLM…CLSID} = “Karta właściwości pliku multimedialnego” \InProcServer32(Default) = “mmsys.cpl” [** WMI GetObject error **] “{176d6597-26d3-11d1-b350-080036a75b03}” = “Zarządzanie skanerem ICM” - {HKLM…CLSID} = “Zarządzanie skanerem ICM” \InProcServer32(Default) = “icmui.dll” [** WMI GetObject error **] “{1F2E5C40-9550-11CE-99D2-00AA006E086C}” = “Strona zabezpieczeń NTFS” - {HKLM…CLSID} = “Rozszerzenie powłoki zabezpieczeń” \InProcServer32(Default) = “rshx32.dll” [** WMI GetObject error **] “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}” = “Strona właściwości OLE Docfile” - {HKLM…CLSID} = “Strona właściwości OLE Docfile” \InProcServer32(Default) = “docprop.dll” [** WMI GetObject error **] “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}” = “Rozszerzenia powłoki dla udostępniania zasobów” - {HKLM…CLSID} = “Rozszerzenia powłoki dla udostępniania zasobów” \InProcServer32(Default) = “ntshrui.dll” [** WMI GetObject error **] “{41E300E0-78B6-11ce-849B-444553540000}” = “PlusPack CPL Extension” - {HKLM…CLSID} = “Rozszerzenie CPL pakietu PlusPack” \InProcServer32(Default) = “C:\WINDOWS\System32\themeui.dll” [** WMI GetObject error **] “{42071712-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL karty graficznej” - {HKLM…CLSID} = “Rozszerzenie CPL karty graficznej” \InProcServer32(Default) = “deskadp.dll” [** WMI GetObject error **] “{42071713-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL monitora wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL monitora wyświetlania” \InProcServer32(Default) = “deskmon.dll” [** WMI GetObject error **] “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{4E40F770-369C-11d0-8922-00A024AB2DBB}” = “Strona zabezpieczeń usługi DS” - {HKLM…CLSID} = “Rozszerzenie powłoki zabezpieczeń” \InProcServer32(Default) = “dssec.dll” [** WMI GetObject error **] “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}” = “Strona zgodności” - {HKLM…CLSID} = “Strona zgodności” \InProcServer32(Default) = “SlayerXP.dll” [** WMI GetObject error **] “{56117100-C0CD-101B-81E2-00AA004AE837}” = “Program obsługi danych wycinkowych powłoki” - {HKLM…CLSID} = “Program obsługi danych wycinkowych powłoki” \InProcServer32(Default) = “shscrap.dll” [** WMI GetObject error **] “{59099400-57FF-11CE-BD94-0020AF85B590}” = “Rozszerzenie Disc Copy” - {HKLM…CLSID} = “Rozszerzenie Disc Copy” \InProcServer32(Default) = “diskcopy.dll” [** WMI GetObject error **] “{59be4990-f85c-11ce-aff7-00aa003ca9f6}” = “Rozszerzenia powłoki dla obiektów Microsoft Windows Network” - {HKLM…CLSID} = “Rozszerzenia powłoki dla obiektów Microsoft Windows Network” \InProcServer32(Default) = “ntlanui2.dll” [** WMI GetObject error **] “{5DB2625A-54DF-11D0-B6C4-0800091AA605}” = “Zarządzanie monitorem ICM” - {HKLM…CLSID} = “Zarządzanie monitorem ICM” \InProcServer32(Default) = “C:\WINDOWS\System32\icmui.dll” [** WMI GetObject error **] “{675F097E-4C4D-11D0-B6C1-0800091AA605}” = “Zarządzanie drukarką ICM” - {HKLM…CLSID} = “Zarządzanie drukarką ICM” \InProcServer32(Default) = “C:\WINDOWS\system32\icmui.dll” [** WMI GetObject error **] “{77597368-7b15-11d0-a0c2-080036af3f03}” = “Rozszerzenie powłoki drukarek sieci Web” - {HKLM…CLSID} = “Rozszerzenie powłoki drukarek sieci Web” \InProcServer32(Default) = “printui.dll” [** WMI GetObject error **] “{7988B573-EC89-11cf-9C00-00AA00A14F56}” = “Disk Quota UI” - {HKLM…CLSID} = “Microsoft Disk Quota UI” \InProcServer32(Default) = “dskquoui.dll” [** WMI GetObject error **] “{85BBD920-42A0-1069-A2E4-08002B30309D}” = “Aktówka” - {HKLM…CLSID} = “Aktówka” \InProcServer32(Default) = “syncui.dll” [** WMI GetObject error **] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [** WMI GetObject error **] “{BD84B380-8CA2-1069-AB1D-08000948F534}” = “Fonts” - {HKLM…CLSID} = “Fonts” \InProcServer32(Default) = “fontext.dll” [** WMI GetObject error **] “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}” = “Profil ICC” - {HKLM…CLSID} = “Profil ICC” \InProcServer32(Default) = “C:\WINDOWS\system32\icmui.dll” [** WMI GetObject error **] “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}” = “Strona zabezpieczeń drukarek” - {HKLM…CLSID} = “Rozszerzenie powłoki zabezpieczeń” \InProcServer32(Default) = “rshx32.dll” [** WMI GetObject error **] “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}” = “Rozszerzenia powłoki dla udostępniania zasobów” - {HKLM…CLSID} = “Rozszerzenia powłoki dla udostępniania zasobów” \InProcServer32(Default) = “ntshrui.dll” [** WMI GetObject error **] “{f92e8c40-3d33-11d2-b1aa-080036a75b03}” = “Display TroubleShoot CPL Extension” - {HKLM…CLSID} = “Display TroubleShoot CPL Extension” \InProcServer32(Default) = “deskperf.dll” [** WMI GetObject error **] “{7444C717-39BF-11D1-8CD9-00C04FC29D45}” = “Rozszerzenie Crypto PKO” - {HKLM…CLSID} = “CryptPKO Class” \InProcServer32(Default) = “C:\WINDOWS\system32\cryptext.dll” [** WMI GetObject error **] “{7444C719-39BF-11D1-8CD9-00C04FC29D45}” = “Rozszerzenie Crypto Sign” - {HKLM…CLSID} = “CryptSig Class” \InProcServer32(Default) = “C:\WINDOWS\system32\cryptext.dll” [** WMI GetObject error **] “{7007ACC7-3202-11D1-AAD2-00805FC1270E}” = “Połączenia sieciowe” - {HKLM…CLSID} = “Połączenia sieciowe” \InProcServer32(Default) = “C:\WINDOWS\system32\NETSHELL.dll” [** WMI GetObject error **] “{992CFFA0-F557-101A-88EC-00DD010CCC48}” = “Połączenia sieciowe” - {HKLM…CLSID} = “Połączenia sieciowe” \InProcServer32(Default) = “C:\WINDOWS\system32\NETSHELL.dll” [** WMI GetObject error **] “{E211B736-43FD-11D1-9EFB-0000F8757FCD}” = “Skanery i aparaty fotograficzne” - {HKLM…CLSID} = “Skanery i aparaty fotograficzne” \InProcServer32(Default) = “wiashext.dll” [** WMI GetObject error **] “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}” = “Skanery i aparaty fotograficzne” - {HKLM…CLSID} = “Skanery i aparaty fotograficzne” \InProcServer32(Default) = “wiashext.dll” [** WMI GetObject error **] “{905667aa-acd6-11d2-8080-00805f6596d2}” = “Skanery i aparaty fotograficzne” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “wiashext.dll” [** WMI GetObject error **] “{3F953603-1008-4f6e-A73A-04AAC7A992F1}” = “Skanery i aparaty fotograficzne” - {HKLM…CLSID} = “Skanery i aparaty fotograficzne” \InProcServer32(Default) = “wiashext.dll” [** WMI GetObject error **] “{83bbcbf3-b28a-4919-a5aa-73027445d672}” = “Skanery i aparaty fotograficzne” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “wiashext.dll” [** WMI GetObject error **] “{F0152790-D56E-4445-850E-4F3117DB740C}” = “Remote Sessions CPL Extension” - {HKLM…CLSID} = “Remote Sessions CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\remotepg.dll” [** WMI GetObject error **] “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}” = “Auto Update Property Sheet Extension” - {HKLM…CLSID} = “Auto Update Property Sheet Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\wuaueng.dll” [** WMI GetObject error **] “{60254CA5-953B-11CF-8C96-00AA00B8708C}” = “Rozszerzenia powłoki dla hosta skryptów systemu Windows” - {HKLM…CLSID} = “Shell Extension For Windows Script Host” \InProcServer32(Default) = “C:\WINDOWS\System32\wshext.dll” [** WMI GetObject error **] “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}” = “Microsoft Data Link” - {HKLM…CLSID} = “Microsoft OLE DB Service Component Data Links” \InProcServer32(Default) = “C:\Program Files\Common Files\System\Ole DB\oledb32.dll” [** WMI GetObject error **] “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}” = “Tasks Folder Icon Handler” - {HKLM…CLSID} = “Scheduling UI icon handler” \InProcServer32(Default) = “C:\WINDOWS\System32\mstask.dll” [** WMI GetObject error **] “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}” = “Tasks Folder Shell Extension” - {HKLM…CLSID} = “Scheduling UI property sheet handler” \InProcServer32(Default) = “C:\WINDOWS\System32\mstask.dll” [** WMI GetObject error **] “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}” = “Zaplanowane zadania” - {HKLM…CLSID} = “Zaplanowane zadania” \InProcServer32(Default) = “C:\WINDOWS\System32\mstask.dll” [** WMI GetObject error **] “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}” = “Wyszukaj” - {HKLM…CLSID} = “Wyszukaj” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}” = “Pomoc i obsługa techniczna” - {HKLM…CLSID} = “Pomoc i obsługa techniczna” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}” = “Pomoc i obsługa techniczna” - {HKLM…CLSID} = “Zabezpieczenia systemu Windows” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}” = “Uruchom…” - {HKLM…CLSID} = “Uruchom…” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}” = “Internet” - {HKLM…CLSID} = “Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}” = “E-mail” - {HKLM…CLSID} = “E-mail” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{D20EA4E1-3957-11d2-A40B-0C5020524152}” = “Czcionki” - {HKLM…CLSID} = “Czcionki” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{D20EA4E1-3957-11d2-A40B-0C5020524153}” = “Narzędzia administracyjne” - {HKLM…CLSID} = “Narzędzia administracyjne” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [** WMI GetObject error **] “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}” = “Audio Media Properties Handler” - {HKLM…CLSID} = “Audio Media Properties Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}” = “Video Media Properties Handler” - {HKLM…CLSID} = “Video Media Properties Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{E4B29F9D-D390-480b-92FD-7DDB47101D71}” = “Wav Properties Handler” - {HKLM…CLSID} = “Wav Properties Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}” = “Avi Properties Handler” - {HKLM…CLSID} = “Avi Properties Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}” = “Midi Properties Handler” - {HKLM…CLSID} = “Midi Properties Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{c5a40261-cd64-4ccf-84cb-c394da41d590}” = “Video Thumbnail Extractor” - {HKLM…CLSID} = “Video Thumbnail Extractor” \InProcServer32(Default) = “C:\WINDOWS\System32\shmedia.dll” [** WMI GetObject error **] “{5E6AB780-7743-11CF-A12B-00AA004AE837}” = “Pasek narzędzi programu Microsoft Internet” - {HKLM…CLSID} = “Pasek narzędzi programu Microsoft Internet” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{22BF0C20-6DA7-11D0-B373-00A0C9034938}” = “Stan pobierania” - {HKLM…CLSID} = “Stan pobierania” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{91EA3F8B-C99B-11d0-9815-00C04FD91972}” = “Folder powłoki zwiększonej” - {HKLM…CLSID} = “Folder powłoki zwiększonej” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{6413BA2C-B461-11d1-A18A-080036B11A03}” = “Folder powłoki zwiększonej 2” - {HKLM…CLSID} = “Folder powłoki zwiększonej 2” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{F61FFEC1-754F-11d0-80CA-00AA005B4383}” = “BandProxy” - {HKLM…CLSID} = “BandProxy” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{7BA4C742-9E81-11CF-99D3-00AA004AE837}” = “Pasek przeglądarki Microsoft” - {HKLM…CLSID} = “Pasek przeglądarki Microsoft” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “Pasek wyszukiwania” - {HKLM…CLSID} = “Pasek wyszukiwania” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{32683183-48a0-441b-a342-7c2a440a9478}” = “Pasek multimediów” - {HKLM…CLSID} = “Pasek multimediów” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}” = “Wyszukiwanie w okienku” - {HKLM…CLSID} = “Wyszukiwanie w okienku” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{07798131-AF23-11d1-9111-00A0C98BA67D}” = “Wyszukiwanie w sieci Web” - {HKLM…CLSID} = “Wyszukiwanie w sieci Web” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{AF4F6510-F982-11d0-8595-00AA004CD6D8}” = “Narzędzie opcji drzewa rejestru” - {HKLM…CLSID} = “Narzędzie opcji drzewa rejestru” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{01E04581-4EEE-11d0-BFE9-00AA005B4383}” = “Adres” - {HKLM…CLSID} = “Adres” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{A08C11D2-A228-11d0-825B-00AA005B4383}” = “Pole edycji adresu” - {HKLM…CLSID} = “Pole edycji adresu” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{00BB2763-6A77-11D0-A535-00C04FD7D062}” = “Autouzupełnianie Microsoft” - {HKLM…CLSID} = “Autouzupełnianie Microsoft” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{7376D660-C583-11d0-A3A5-00C04FD706EC}” = “Wyodrębnianie obrazów Trident” - {HKLM…CLSID} = “Wyodrębnianie obrazów Trident” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{6756A641-DE71-11d0-831B-00AA005B4383}” = “Lista autouzupełniania MRU” - {HKLM…CLSID} = “Lista autouzupełniania MRU” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}” = “Niestandardowa lista autouzupełniania MRU” - {HKLM…CLSID} = “Niestandardowa lista autouzupełniania MRU” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{7e653215-fa25-46bd-a339-34a2790f3cb7}” = “Dostępny” - {HKLM…CLSID} = “Dostępny” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{acf35015-526e-4230-9596-becbe19f0ac9}” = “Pasek podręczny śledzenia” - {HKLM…CLSID} = “Pasek podręczny śledzenia” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}” = “Analizator paska adresu” - {HKLM…CLSID} = “Analizator paska adresu” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{00BB2764-6A77-11D0-A535-00C04FD7D062}” = “Lista autouzupełniania historii Microsoft” - {HKLM…CLSID} = “Lista autouzupełniania historii Microsoft” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{03C036F1-A186-11D0-824A-00AA005B4383}” = “Lista autouzupełniania folderu powłoki Microsoft” - {HKLM…CLSID} = “Lista autouzupełniania folderu powłoki Microsoft” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{00BB2765-6A77-11D0-A535-00C04FD7D062}” = “Kontener wielu list autouzupełniania Microsoft” - {HKLM…CLSID} = “Kontener wielu list autouzupełniania Microsoft” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}” = “Menu witryny paska powłoki” - {HKLM…CLSID} = “Menu witryny paska powłoki” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}” = “Shell DeskBarApp” - {HKLM…CLSID} = “Shell DeskBarApp” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}” = “Pasek pulpitu powłoki” - {HKLM…CLSID} = “Pasek pulpitu powłoki” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}” = “Shell Rebar BandSite” - {HKLM…CLSID} = “Shell Rebar BandSite” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}” = “Pomoc dla użytkownika” - {HKLM…CLSID} = “Pomoc dla użytkownika” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}” = “Globalne ustawienia folderów” - {HKLM…CLSID} = “Globalne ustawienia folderów” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}” = “Favorites Band” - {HKLM…CLSID} = “Favorites Band” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{0A89A860-D7B1-11CE-8350-444553540000}” = “Shell Automation Inproc Service” - {HKLM…CLSID} = “Shell Automation Inproc Service” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer” - {HKLM…CLSID} = “Shell DocObject Viewer” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}” = “Microsoft Browser Architecture” - {HKLM…CLSID} = “Microsoft Browser Architecture” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut” - {HKLM…CLSID} = “Skrót internetowy” \InProcServer32(Default) = “shdocvw.dll” [** WMI GetObject error **] “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service” - {HKLM…CLSID} = “Microsoft Url History Service” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “Historia” - {HKLM…CLSID} = “Historia” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Tymczasowe pliki internetowe” - {HKLM…CLSID} = “Tymczasowe pliki internetowe” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Tymczasowe pliki internetowe” - {HKLM…CLSID} = “Tymczasowe pliki internetowe” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook” - {HKLM…CLSID} = “Microsoft Url Search Hook” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}” = “Ekran powitalny pakietu IE4” - {HKLM…CLSID} = “Ekran powitalny pakietu IE4” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}” = “CDF Extension Copy Hook” - {HKLM…CLSID} = “CDF Extension Copy Hook” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{131A6951-7F78-11D0-A979-00C04FD705A2}” = “ISFBand OC” - {HKLM…CLSID} = “ISFBand OC” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{9461b922-3c5a-11d2-bf8b-00c04fb93661}” = “Search Assistant OC” - {HKLM…CLSID} = “Search Assistant OC” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “Internet” - {HKLM…CLSID} = “Internet” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}” = “Pasek eksploratora” - {HKLM…CLSID} = “Pasek eksploratora” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [** WMI GetObject error **] “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}” = “Sendmail service” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\sendmail.dll” [** WMI GetObject error **] “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}” = “Sendmail service” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\sendmail.dll” [** WMI GetObject error **] “{88C6C381-2E85-11D0-94DE-444553540000}” = “Folder pamięci podręcznej ActiveX” - {HKLM…CLSID} = “Folder pamięci podręcznej ActiveX” \InProcServer32(Default) = “C:\WINDOWS\System32\occache.dll” [** WMI GetObject error **] “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” = “WebCheck” - {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}” = “Subscription Mgr” - {HKLM…CLSID} = “Subscription Mgr” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{F5175861-2688-11d0-9C5E-00AA00A45957}” = “Folder subskrypcji” - {HKLM…CLSID} = “Folder subskrypcji” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{08165EA0-E946-11CF-9C87-00AA005127ED}” = “WebCheckWebCrawler” - {HKLM…CLSID} = “WebCheckWebCrawler” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}” = “WebCheckChannelAgent” - {HKLM…CLSID} = “WebCheckChannelAgent” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}” = “TrayAgent” - {HKLM…CLSID} = “TrayAgent” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}” = “Code Download Agent” - {HKLM…CLSID} = “Code Download Agent” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}” = “ConnectionAgent” - {HKLM…CLSID} = “ConnectionAgent” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{D8BD2030-6FC9-11D0-864F-00AA006809D9}” = “PostAgent” - {HKLM…CLSID} = “PostAgent” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}” = “WebCheck SyncMgr Handler” - {HKLM…CLSID} = “WebCheck SyncMgr Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “{352EC2B7-8B9A-11D1-B8AE-006008059382}” = “Menedżer aplikacji powłoki” - {HKLM…CLSID} = “Menedżer aplikacji powłoki” \InProcServer32(Default) = “C:\WINDOWS\System32\appwiz.cpl” [** WMI GetObject error **] “{0B124F8F-91F0-11D1-B8B5-006008059382}” = “Wyliczanie zainstalowanych aplikacji” - {HKLM…CLSID} = “Wyliczanie zainstalowanych aplikacji” \InProcServer32(Default) = “C:\WINDOWS\System32\appwiz.cpl” [** WMI GetObject error **] “{CFCCC7A0-A282-11D1-9082-006008059382}” = “Publikator aplikacji Darwin” - {HKLM…CLSID} = “Publikator aplikacji Darwin” \InProcServer32(Default) = “C:\WINDOWS\System32\appwiz.cpl” [** WMI GetObject error **] “{e84fda7c-1d6a-45f6-b725-cb260c236066}” = “Shell Image Verbs” - {HKLM…CLSID} = “Shell Image Verbs” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}” = “Shell Image Data Factory” - {HKLM…CLSID} = “Shell Image Data Factory” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{3F30C968-480A-4C6C-862D-EFC0897BB84B}” = “GDI+program wyodrębniający miniatury plików” - {HKLM…CLSID} = “GDI+program wyodrębniający miniatury plików” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}” = “Informacje podsumowujące obsługi miniatur (DOCFILES)” - {HKLM…CLSID} = “Informacje podsumowujące obsługi miniatur (DOCFILES)” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{EAB841A0-9550-11cf-8C16-00805F1408F3}” = “Wyodrębnianie miniatur HTML” - {HKLM…CLSID} = “Wyodrębnianie miniatur HTML” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}” = “Shell Image Property Handler” - {HKLM…CLSID} = “Shell Image Property Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\shimgvw.dll” [** WMI GetObject error **] “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}” = “Kreator publikacji w sieci Web” - {HKLM…CLSID} = “Kreator publikacji w sieci Web” \InProcServer32(Default) = “C:\WINDOWS\System32\netplwiz.dll” [** WMI GetObject error **] “{add36aa8-751a-4579-a266-d66f5202ccbb}” = “Zamawianie odbitek w sieci Web” - {HKLM…CLSID} = “Zamawianie odbitek w sieci Web” \InProcServer32(Default) = “C:\WINDOWS\System32\netplwiz.dll” [** WMI GetObject error **] “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}” = “Obiekt powłoki kreatora publikacji” - {HKLM…CLSID} = “Obiekt powłoki kreatora publikacji” \InProcServer32(Default) = “C:\WINDOWS\System32\netplwiz.dll” [** WMI GetObject error **] “{58f1f272-9240-4f51-b6d4-fd63d1618591}” = “Kreator uzyskiwania profilu usługi Passport” - {HKLM…CLSID} = “Kreator uzyskiwania profilu usługi Passport” \InProcServer32(Default) = “C:\WINDOWS\System32\netplwiz.dll” [** WMI GetObject error **] “{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}” = “Folder skompresowany (zip)” - {HKLM…CLSID} = “CompressedFolder” \InProcServer32(Default) = “C:\WINDOWS\System32\zipfldr.dll” [** WMI GetObject error **] “{BD472F60-27FA-11cf-B8B4-444553540000}” = “Compressed (zipped) Folder Right Drag Handler” - {HKLM…CLSID} = “Compressed (zipped) Folder Right Drag Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\zipfldr.dll” [** WMI GetObject error **] “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}” = “Compressed (zipped) Folder SendTo Target” - {HKLM…CLSID} = “Compressed (zipped) Folder SendTo Target” \InProcServer32(Default) = “C:\WINDOWS\System32\zipfldr.dll” [** WMI GetObject error **] “{f39a0dc0-9cc8-11d0-a599-00c04fd64433}” = “Plik kanału” - {HKLM…CLSID} = “Channel” \InProcServer32(Default) = “C:\WINDOWS\System32\cdfview.dll” [** WMI GetObject error **] “{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}” = “Skrót kanału” - {HKLM…CLSID} = “Skrót kanału” \InProcServer32(Default) = “C:\WINDOWS\System32\cdfview.dll” [** WMI GetObject error **] “{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}” = “Obiekt obsługi kanału” - {HKLM…CLSID} = “Obiekt obsługi kanału” \InProcServer32(Default) = “C:\WINDOWS\System32\cdfview.dll” [** WMI GetObject error **] “{f3da0dc0-9cc8-11d0-a599-00c04fd64437}” = “Channel Menu” - {HKLM…CLSID} = “Channel Menu Handler Object” \InProcServer32(Default) = “C:\WINDOWS\System32\cdfview.dll” [** WMI GetObject error **] “{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}” = “Channel Properties” - {HKLM…CLSID} = “Channel Shortcut Property Pages” \InProcServer32(Default) = “C:\WINDOWS\System32\cdfview.dll” [** WMI GetObject error **] “{63da6ec0-2e98-11cf-8d82-444553540000}” = “FTP Folders Webview” - {HKLM…CLSID} = “Microsoft FTP Folder” \InProcServer32(Default) = “C:\WINDOWS\System32\msieftp.dll” [** WMI GetObject error **] “{883373C3-BF89-11D1-BE35-080036B11A03}” = “Microsoft DocProp Shell Ext” - {HKLM…CLSID} = “Microsoft DocProp Shell Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}” = “Microsoft DocProp Inplace Edit Box Control” - {HKLM…CLSID} = “Microsoft DocProp Inplace Edit Box Control” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{8EE97210-FD1F-4B19-91DA-67914005F020}” = “Microsoft DocProp Inplace ML Edit Box Control” - {HKLM…CLSID} = “Microsoft DocProp Inplace ML Edit Box Control” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}” = “Microsoft DocProp Inplace Droplist Combo Control” - {HKLM…CLSID} = “Microsoft DocProp Inplace Droplist Combo Control” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{6A205B57-2567-4A2C-B881-F787FAB579A3}” = “Microsoft DocProp Inplace Calendar Control” - {HKLM…CLSID} = “Microsoft DocProp Inplace Calendar Control” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}” = “Microsoft DocProp Inplace Time Control” - {HKLM…CLSID} = “Microsoft DocProp Inplace Time Control” \InProcServer32(Default) = “C:\WINDOWS\System32\docprop2.dll” [** WMI GetObject error **] “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}” = “Directory Query UI” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsquery.dll” [** WMI GetObject error **] “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}” = “Shell properties for a DS object” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsquery.dll” [** WMI GetObject error **] “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}” = “Directory Object Find” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsquery.dll” [** WMI GetObject error **] “{F020E586-5264-11d1-A532-0000F8757D7E}” = “Directory Start/Search Find” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsquery.dll” [** WMI GetObject error **] “{0D45D530-764B-11d0-A1CA-00AA00C16E65}” = “Directory Property UI” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsuiext.dll” [** WMI GetObject error **] “{62AE1F9A-126A-11D0-A14B-0800361B1103}” = “Directory Context Menu Verbs” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\dsuiext.dll” [** WMI GetObject error **] “{ECF03A33-103D-11d2-854D-006008059367}” = “MyDocs Copy Hook” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\mydocs.dll” [** WMI GetObject error **] “{ECF03A32-103D-11d2-854D-006008059367}” = “MyDocs Drop Target” - {HKLM…CLSID} = “MyDocs Drop Target” \InProcServer32(Default) = “C:\WINDOWS\System32\mydocs.dll” [** WMI GetObject error **] “{4a7ded0a-ad25-11d0-98a8-0800361b1103}” = “MyDocs Properties” - {HKLM…CLSID} = “MyDocs menu and properties” \InProcServer32(Default) = “C:\WINDOWS\System32\mydocs.dll” [** WMI GetObject error **] “{750fdf0e-2a26-11d1-a3ea-080036587f03}” = “Offline Files Menu” - {HKLM…CLSID} = “Offline Files Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\cscui.dll” [** WMI GetObject error **] “{10CFC467-4392-11d2-8DB4-00C04FA31A66}” = “Offline Files Folder Options” - {HKLM…CLSID} = “Offline Files Folder Options” \InProcServer32(Default) = “C:\WINDOWS\System32\cscui.dll” [** WMI GetObject error **] “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}” = “Folder plików trybu offline” - {HKLM…CLSID} = “Folder plików trybu offline” \InProcServer32(Default) = “C:\WINDOWS\System32\cscui.dll” [** WMI GetObject error **] “{143A62C8-C33B-11D1-84FE-00C04FA34A14}” = “Microsoft Agent Character Property Sheet Handler” - {HKLM…CLSID} = “Microsoft Agent Character Property Sheet Handler” \InProcServer32(Default) = “C:\WINDOWS\msagent\agentpsh.dll” [** WMI GetObject error **] “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}” = “DfsShell” - {HKLM…CLSID} = “DfsShell Class” \InProcServer32(Default) = “C:\WINDOWS\System32\dfsshlex.dll” [** WMI GetObject error **] “{60fd46de-f830-4894-a628-6fa81bc0190d}” = “%DESC_PublishDropTarget%” - {HKLM…CLSID} = “Obiekt DropTarget dla Kreatora drukowania fotografii” \InProcServer32(Default) = “C:\WINDOWS\System32\photowiz.dll” [** WMI GetObject error **] “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}” = “MMC Icon Handler” - {HKLM…CLSID} = “ExtractIcon Class” \InProcServer32(Default) = “C:\WINDOWS\System32\mmcshext.dll” [** WMI GetObject error **] “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}” = “.CAB file viewer” - {HKLM…CLSID} = “Plik cabinet” \InProcServer32(Default) = “cabview.dll” [** WMI GetObject error **] “{32714800-2E5F-11d0-8B85-00AA0044F941}” = “Do osób…” - {HKLM…CLSID} = “Do osób…” \InProcServer32(Default) = “C:\Program Files\Outlook Express\wabfind.dll” [** WMI GetObject error **] “{8DD448E6-C188-4aed-AF92-44956194EB1F}” = “Windows Media Player Play as Playlist Context Menu Handler” - {HKLM…CLSID} = “WMP Burn Audio CD Launcher” \InProcServer32(Default) = “C:\WINDOWS\System32\wmpshell.dll” [** WMI GetObject error **] “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}” = “Windows Media Player Burn Audio CD Context Menu Handler” - {HKLM…CLSID} = “WMP Play As Playlist Launcher” \InProcServer32(Default) = “C:\WINDOWS\System32\wmpshell.dll” [** WMI GetObject error **] “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}” = “Windows Media Player Add to Playlist Context Menu Handler” - {HKLM…CLSID} = “WMP Add To Playlist Launcher” \InProcServer32(Default) = “C:\WINDOWS\System32\wmpshell.dll” [** WMI GetObject error **] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [** WMI GetObject error **] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” - {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [** WMI GetObject error **] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” - {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [** WMI GetObject error **] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” - {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [** WMI GetObject error **] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [** WMI GetObject error **] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” - {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [** WMI GetObject error **] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [** WMI GetObject error **] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! “{438755C2-A8BA-11D1-B96B-00A0C90312E1}” = “Moduł wstępnego ładowania interfejsu Browseui” - {HKLM…CLSID} = “Moduł wstępnego ładowania interfejsu Browseui” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] INFECTION WARNING! “{8C7461EF-2B13-11d2-BE35-3078302C2030}” = “Demon buforu kategorii składników” - {HKLM…CLSID} = “Demon buforu kategorii składników” \InProcServer32(Default) = “C:\WINDOWS\System32\browseui.dll” [** WMI GetObject error **] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{AEB6717E-7E19-11d0-97EE-00C04FD91972}” = (no title provided) - {HKLM…CLSID} = “URL Exec Hook” \InProcServer32(Default) = “shell32.dll” [** WMI GetObject error **] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “PostBootReminder” = “{7849596a-48ea-486e-8937-a2a3009f31a9}” - {HKLM…CLSID} = “Obiekt PostBootReminder” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] “CDBurn” = “{fbeb8a05-beee-4442-804e-409d6c4515e9}” - {HKLM…CLSID} = “Folder powłoki dla nagrywania dysków CD” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] “WebCheck” = “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” - {HKLM…CLSID} = “WebCheck” \InProcServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [** WMI GetObject error **] “SysTray” = “{35CEC8A3-2BE6-11D2-8773-92E220524153}” - {HKLM…CLSID} = “SysTray” \InProcServer32(Default) = “C:\WINDOWS\System32\stobject.dll” [** WMI GetObject error **] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [** WMI GetObject error **] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! Class Install Handler\CLSID = “{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}” - {HKLM…CLSID} = “AP Class Install Handler filter” \InProcServer32(Default) = “C:\WINDOWS\system32\urlmon.dll” [** WMI GetObject error **] INFECTION WARNING! deflate\CLSID = “{8f6b0360-b80d-11d0-a9b3-006097942311}” - {HKLM…CLSID} = “AP lzdhtml encoding/decoding Filter” \InProcServer32(Default) = “C:\WINDOWS\system32\urlmon.dll” [** WMI GetObject error **] INFECTION WARNING! gzip\CLSID = “{8f6b0360-b80d-11d0-a9b3-006097942311}” - {HKLM…CLSID} = “AP lzdhtml encoding/decoding Filter” \InProcServer32(Default) = “C:\WINDOWS\system32\urlmon.dll” [** WMI GetObject error **] INFECTION WARNING! lzdhtml\CLSID = “{8f6b0360-b80d-11d0-a9b3-006097942311}” - {HKLM…CLSID} = “AP lzdhtml encoding/decoding Filter” \InProcServer32(Default) = “C:\WINDOWS\system32\urlmon.dll” [** WMI GetObject error **] INFECTION WARNING! text/webviewhtml\CLSID = “{733AC4CB-F1A4-11d0-B951-00A0C90312E1}” - {HKLM…CLSID} = “WebView MIME Filter” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] {24F14F01-7B1C-11d1-838f-0000F80461CF}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] {24F14F02-7B1C-11d1-838f-0000F80461CF}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] {66742402-F9B9-11D1-A202-0000F81FEDEE}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” - {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [** WMI GetObject error **] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [** WMI GetObject error **] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [** WMI GetObject error **] Offline Files(Default) = “{750fdf0e-2a26-11d1-a3ea-080036587f03}” - {HKLM…CLSID} = “Offline Files Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\cscui.dll” [** WMI GetObject error **] Open With(Default) = “{09799AFB-AD67-11d1-ABCD-00C04FC30936}” - {HKLM…CLSID} = “Open With Context Menu Handler” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] Open With EncryptionMenu(Default) = “{A470F8CF-A1E8-4f65-8335-227475AA5C46}” - {HKLM…CLSID} = “Menu kontekstowe szyfrowania” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” - {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [** WMI GetObject error **] EncryptionMenu(Default) = “{A470F8CF-A1E8-4f65-8335-227475AA5C46}” - {HKLM…CLSID} = “Menu kontekstowe szyfrowania” \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [** WMI GetObject error **] Offline Files(Default) = “{750fdf0e-2a26-11d1-a3ea-080036587f03}” - {HKLM…CLSID} = “Offline Files Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\cscui.dll” [** WMI GetObject error **] Sharing(Default) = “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}” - {HKLM…CLSID} = “Rozszerzenia powłoki dla udostępniania zasobów” \InProcServer32(Default) = “ntshrui.dll” [** WMI GetObject error **] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [** WMI GetObject error **] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Witkowscy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Witkowscy” “All Users” startup folders: ----------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” - shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [** WMI GetObject error **] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [** WMI GetObject error **] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [** WMI GetObject error **] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [** WMI GetObject error **] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [** WMI GetObject error **], 01 - 03, 06 - 14 %SystemRoot%\system32\rsvpsp.dll [** WMI GetObject error **], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [** WMI GetObject error **] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX” - {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [** WMI GetObject error **] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}” - {HKLM…CLSID} = “Java Plug-in 1.5.0_07” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [** WMI GetObject error **] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ INFECTION WARNING! The running services cannot be counted. Presence of a spyware service is suspected. The script has been forced to exit. ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 58 seconds, including 4 seconds for message boxes)

Widze, ze nieźle syfu w tym logu…

Gutek · 13 Lipiec 2006 11:47

Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz ten wpis.

Start >>>Uruchom>>> regsvr32 /u wsync32.dll

upx32 · 13 Lipiec 2006 15:10

W zakładce Uruchamianie nie ma takiego wpisu.

To nie działa

Złączono Posta : 13.07.2006 (Czw) 20:00

ok, już się nie silcie.

Doszłem do wniosku że najlepiej będzie jak zrobię formata.

Ale chciałbym wam bardzo podziękować za fachową pomoc.

Pozdrawiam

Gutek · 13 Lipiec 2006 20:48

Otwórz notatnik i wklej:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa