Spybot zawieszony, ewido nie ma, smitfraud nie odpala się

Komputer jest zamulony, Spybot zatrzymuje się podczas skanowania na win32.spoler, ewido nie ma wersji dla Win Me, smitfraud się nie odpala. Czym to wszystko posprzątać? Bo trochę syfu jest :(

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows Me (Millennium Edition)

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]

"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]

"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]

"SystemTray" = "SysTray.Exe" [MS]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"URLLSTCK.exe" = "C:\Program Files\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]

"WheelMouse" = "C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE" ["A4Tech Co.,Ltd."]

"sxmvcder.exe" = "C:\WINDOWS\SYSTEM\sxmvcder.exe" [null data]

"srejuxef.exe" = "C:\WINDOWS\SYSTEM\srejuxef.exe" [null data]

"sjgtizcd.exe" = "C:\WINDOWS\SYSTEM\sjgtizcd.exe" [null data]

"szgpklaj.exe" = "C:\WINDOWS\SYSTEM\szgpklaj.exe" [null data]

"sfkpajmd.exe" = "C:\WINDOWS\SYSTEM\sfkpajmd.exe" [null data]

"shonejkr.exe" = "C:\WINDOWS\SYSTEM\shonejkr.exe" [null data]

"lylahszw.exe" = "C:\WINDOWS\SYSTEM\lylahszw.exe" [null data]

"Afctirkr.exe" = "C:\WINDOWS\SYSTEM\afctirkr.exe" [null data]

"Afmryzax.exe" = "C:\WINDOWS\SYSTEM\afmryzax.exe" [null data]

"Ahmtklyr.exe" = "C:\WINDOWS\SYSTEM\ahmtklyr.exe" [null data]

"Aranwlkr.exe" = "C:\WINDOWS\SYSTEM\aranwlkr.exe" [null data]

"Arelalsv.exe" = "C:\WINDOWS\SYSTEM\arelalsv.exe" [null data]

"Bstihibm.exe" = "C:\WINDOWS\SYSTEM\bstihibm.exe" [null data]

"Bsxipwna.exe" = "C:\WINDOWS\SYSTEM\bsxipwna.exe" [null data]

"Byjqpmna.exe" = "C:\WINDOWS\SYSTEM\byjqpmna.exe" [null data]

"Cbudsvaf.exe" = "C:\WINDOWS\SYSTEM\cbudsvaf.exe" [null data]

"CcApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Cdezabar.exe" = "C:\WINDOWS\SYSTEM\cdezabar.exe" [null data]

"Cjgtqbwt.exe" = "C:\WINDOWS\SYSTEM\cjgtqbwt.exe" [null data]

"Cjkdspuj.exe" = "C:\WINDOWS\SYSTEM\cjkdspuj.exe" [null data]

"Clgjovgx.exe" = "C:\WINDOWS\SYSTEM\clgjovgx.exe" [null data]

"Cnitmpip.exe" = "C:\WINDOWS\SYSTEM\cnitmpip.exe" [null data]

"Ctaxojyz.exe" = "C:\WINDOWS\SYSTEM\ctaxojyz.exe" [null data]

"Cvgbyfct.exe" = "C:\WINDOWS\SYSTEM\cvgbyfct.exe" [null data]

"Cvyravul.exe" = "C:\WINDOWS\SYSTEM\cvyravul.exe" [null data]

"Dibgbkje.exe" = "C:\WINDOWS\SYSTEM\dibgbkje.exe" [null data]

"Dihwpolq.exe" = "C:\WINDOWS\SYSTEM\dihwpolq.exe" [null data]

"Dknqpqxc.exe" = "C:\WINDOWS\SYSTEM\dknqpqxc.exe" [null data]

"Dozcfkfq.exe" = "C:\WINDOWS\SYSTEM\dozcfkfq.exe" [null data]

"Dqbghyhc.exe" = "C:\WINDOWS\SYSTEM\dqbghyhc.exe" [null data]

"Dsbuvofi.exe" = "C:\WINDOWS\SYSTEM\dsbuvofi.exe" [null data]

"Duhazofy.exe" = "C:\WINDOWS\SYSTEM\duhazofy.exe" [null data]

"Ebcnojiv.exe" = "C:\WINDOWS\SYSTEM\ebcnojiv.exe" [null data]

"Edqhybul.exe" = "C:\WINDOWS\SYSTEM\edqhybul.exe" [null data]

"Ehqbazwh.exe" = "C:\WINDOWS\SYSTEM\ehqbazwh.exe" [null data]

"Ejapcfcp.exe" = "C:\WINDOWS\SYSTEM\ejapcfcp.exe" [null data]

"Encnyfsr.exe" = "C:\WINDOWS\SYSTEM\encnyfsr.exe" [null data]

"Engjyvsz.exe" = "C:\WINDOWS\SYSTEM\engjyvsz.exe" [null data]

"Enizalgv.exe" = "C:\WINDOWS\SYSTEM\enizalgv.exe" [null data]

"Enofotwn.exe" = "C:\WINDOWS\SYSTEM\enofotwn.exe" [null data]

"Erkrczip.exe" = "C:\WINDOWS\SYSTEM\erkrczip.exe" [null data]

"Evavebkb.exe" = "C:\WINDOWS\SYSTEM\evavebkb.exe" [null data]

"Evotgdip.exe" = "C:\WINDOWS\SYSTEM\evotgdip.exe" [null data]

"Exqxcxoh.exe" = "C:\WINDOWS\SYSTEM\exqxcxoh.exe" [null data]

"Fcdclolw.exe" = "C:\WINDOWS\SYSTEM\fcdclolw.exe" [null data]

"Fehcjarg.exe" = "C:\WINDOWS\SYSTEM\fehcjarg.exe" [null data]

"Fkdyhixo.exe" = "C:\WINDOWS\SYSTEM\fkdyhixo.exe" [null data]

"Afehwrqh.exe" = "C:\WINDOWS\SYSTEM\afehwrqh.exe" [null data]

"Fojazudm.exe" = "C:\WINDOWS\SYSTEM\fojazudm.exe" [null data]

"Foxshije.exe" = "C:\WINDOWS\SYSTEM\foxshije.exe" [null data]

"Glgtkvit.exe" = "C:\WINDOWS\SYSTEM\glgtkvit.exe" [null data]

"Gnotstud.exe" = "C:\WINDOWS\SYSTEM\gnotstud.exe" [null data]

"Gpwfkzqd.exe" = "C:\WINDOWS\SYSTEM\gpwfkzqd.exe" [null data]

"Gzajgxsx.exe" = "C:\WINDOWS\SYSTEM\gzajgxsx.exe" [null data]

"Harqryzu.exe" = "C:\WINDOWS\SYSTEM\harqryzu.exe" [null data]

"Hcharmfi.exe" = "C:\WINDOWS\SYSTEM\hcharmfi.exe" [null data]

"Hctspiji.exe" = "C:\WINDOWS\SYSTEM\hctspiji.exe" [null data]

"Hmpsdato.exe" = "C:\WINDOWS\SYSTEM\hmpsdato.exe" [null data]

"Horghohc.exe" = "C:\WINDOWS\SYSTEM\horghohc.exe" [null data]

"Hyngfmna.exe" = "C:\WINDOWS\SYSTEM\hyngfmna.exe" [null data]

"Ifuduhav.exe" = "C:\WINDOWS\SYSTEM\ifuduhav.exe" [null data]

"Ihwlqxwz.exe" = "C:\WINDOWS\SYSTEM\ihwlqxwz.exe" [null data]

"Ipsrctyt.exe" = "C:\WINDOWS\SYSTEM\ipsrctyt.exe" [null data]

"Ipybapkf.exe" = "C:\WINDOWS\SYSTEM\ipybapkf.exe" [null data]

"Irofqhcp.exe" = "C:\WINDOWS\SYSTEM\irofqhcp.exe" [null data]

"Ivatmjap.exe" = "C:\WINDOWS\SYSTEM\ivatmjap.exe" [null data]

"Ixulszwr.exe" = "C:\WINDOWS\SYSTEM\ixulszwr.exe" [null data]

"Izebsfoj.exe" = "C:\WINDOWS\SYSTEM\izebsfoj.exe" [null data]

"Izmzmtib.exe" = "C:\WINDOWS\SYSTEM\izmzmtib.exe" [null data]

"Jabedunu.exe" = "C:\WINDOWS\SYSTEM\jabedunu.exe" [null data]

"Jajcnqtg.exe" = "C:\WINDOWS\SYSTEM\jajcnqtg.exe" [null data]

"Jaxyleby.exe" = "C:\WINDOWS\SYSTEM\jaxyleby.exe" [null data]

"Jglwpkjs.exe" = "C:\WINDOWS\SYSTEM\jglwpkjs.exe" [null data]

"Jslsrmbc.exe" = "C:\WINDOWS\SYSTEM\jslsrmbc.exe" [null data]

"Jybivize.exe" = "C:\WINDOWS\SYSTEM\jybivize.exe" [null data]

"Kdqzwhaz.exe" = "C:\WINDOWS\SYSTEM\kdqzwhaz.exe" [null data]

"Kdtig.exe" = "C:\WINDOWS\SYSTEM\kdtig.exe" [file not found]

"Kfqtspkv.exe" = "C:\WINDOWS\SYSTEM\kfqtspkv.exe" [null data]

"Kpalqpkf.exe" = "C:\WINDOWS\SYSTEM\kpalqpkf.exe" [null data]

"Kpelujax.exe" = "C:\WINDOWS\SYSTEM\kpelujax.exe" [null data]

"Krefkpsz.exe" = "C:\WINDOWS\SYSTEM\krefkpsz.exe" [null data]

"Kretuhsr.exe" = "C:\WINDOWS\SYSTEM\kretuhsr.exe" [null data]

"Ktmdazub.exe" = "C:\WINDOWS\SYSTEM\ktmdazub.exe" [null data]

"Ktotuzkp.exe" = "C:\WINDOWS\SYSTEM\ktotuzkp.exe" [null data]

"Ktufgdyn.exe" = "C:\WINDOWS\SYSTEM\ktufgdyn.exe" [null data]

"Kvcdydcn.exe" = "C:\WINDOWS\SYSTEM\kvcdydcn.exe" [null data]

"Kvebcpyf.exe" = "C:\WINDOWS\SYSTEM\kvebcpyf.exe" [null data]

"Kxorufoh.exe" = "C:\WINDOWS\SYSTEM\kxorufoh.exe" [null data]

"Ilolknan.exe" = "C:\WINDOWS\SYSTEM\ilolknan.exe" [null data]

"Kxufafyt.exe" = "C:\WINDOWS\SYSTEM\kxufafyt.exe" [null data]

"Lahinazu.exe" = "C:\WINDOWS\SYSTEM\lahinazu.exe" [null data]

"Lavcpshm.exe" = "C:\WINDOWS\SYSTEM\lavcpshm.exe" [null data]

"Lezyxwpq.exe" = "C:\WINDOWS\SYSTEM\lezyxwpq.exe" [null data]

"Lktunyzs.exe" = "C:\WINDOWS\SYSTEM\lktunyzs.exe" [null data]

"Lshavopg.exe" = "C:\WINDOWS\SYSTEM\lshavopg.exe" [null data]

"Lsziloda.exe" = "C:\WINDOWS\SYSTEM\lsziloda.exe" [null data]

"Lynsxgji.exe" = "C:\WINDOWS\SYSTEM\lynsxgji.exe" [null data]

"Mbgbidsj.exe" = "C:\WINDOWS\SYSTEM\mbgbidsj.exe" [null data]

"Mbybglyt.exe" = "C:\WINDOWS\SYSTEM\mbybglyt.exe" [null data]

"Mdaxobyj.exe" = "C:\WINDOWS\SYSTEM\mdaxobyj.exe" [null data]

"Mfchynwz.exe" = "C:\WINDOWS\SYSTEM\mfchynwz.exe" [null data]

"Mfmjmbin.exe" = "C:\WINDOWS\SYSTEM\mfmjmbin.exe" [null data]

"Mfmpefkn.exe" = "C:\WINDOWS\SYSTEM\mfmpefkn.exe" [null data]

"Mhcdutsv.exe" = "C:\WINDOWS\SYSTEM\mhcdutsv.exe" [null data]

"Mhghktcv.exe" = "C:\WINDOWS\SYSTEM\mhghktcv.exe" [null data]

"Mlqfqfml.exe" = "C:\WINDOWS\SYSTEM\mlqfqfml.exe" [null data]

"Mpmdmjit.exe" = "C:\WINDOWS\SYSTEM\mpmdmjit.exe" [null data]

"Mrgfedep.exe" = "C:\WINDOWS\SYSTEM\mrgfedep.exe" [null data]

"Mrorizej.exe" = "C:\WINDOWS\SYSTEM\mrorizej.exe" [null data]

"Mxaxkbgv.exe" = "C:\WINDOWS\SYSTEM\mxaxkbgv.exe" [null data]

"Mzklwpqt.exe" = "C:\WINDOWS\SYSTEM\mzklwpqt.exe" [null data]

"Ncxsluza.exe" = "C:\WINDOWS\SYSTEM\ncxsluza.exe" [null data]

"Neryzupo.exe" = "C:\WINDOWS\SYSTEM\neryzupo.exe" [null data]

"Nijibana.exe" = "C:\WINDOWS\SYSTEM\nijibana.exe" [null data]

"Nipotulw.exe" = "C:\WINDOWS\SYSTEM\nipotulw.exe" [null data]

"Nizsvinc.exe" = "C:\WINDOWS\SYSTEM\nizsvinc.exe" [null data]

"Nmjyxinc.exe" = "C:\WINDOWS\SYSTEM\nmjyxinc.exe" [null data]

"Nmvupunu.exe" = "C:\WINDOWS\SYSTEM\nmvupunu.exe" [null data]

"Nojuvoxq.exe" = "C:\WINDOWS\SYSTEM\nojuvoxq.exe" [null data]

"Nopwlmzw.exe" = "C:\WINDOWS\SYSTEM\nopwlmzw.exe" [null data]

"Nsdefavc.exe" = "C:\WINDOWS\SYSTEM\nsdefavc.exe" [null data]

"Nujqlare.exe" = "C:\WINDOWS\SYSTEM\nujqlare.exe" [null data]

"Obotwlqh.exe" = "C:\WINDOWS\SYSTEM\obotwlqh.exe" [null data]

"Olabinwx.exe" = "C:\WINDOWS\SYSTEM\olabinwx.exe" [null data]

"Olwzczid.exe" = "C:\WINDOWS\SYSTEM\olwzczid.exe" [null data]

"Onqrcnqf.exe" = "C:\WINDOWS\SYSTEM\onqrcnqf.exe" [null data]

"Otgxwfil.exe" = "C:\WINDOWS\SYSTEM\otgxwfil.exe" [null data]

"Ovkdexyf.exe" = "C:\WINDOWS\SYSTEM\ovkdexyf.exe" [null data]

"Ovqzivmv.exe" = "C:\WINDOWS\SYSTEM\ovqzivmv.exe" [null data]

"Ozkbaput.exe" = "C:\WINDOWS\SYSTEM\ozkbaput.exe" [null data]

"Palmpgtu.exe" = "C:\WINDOWS\SYSTEM\palmpgtu.exe" [null data]

"Panmhmti.exe" = "C:\WINDOWS\SYSTEM\panmhmti.exe" [null data]

"Paxutife.exe" = "C:\WINDOWS\SYSTEM\paxutife.exe" [null data]

"Personal Security Center Monitor" = "C:\WINDOWS\SYSTEM\isc_ui.exe" [null data]

"Pglmzazs.exe" = "C:\WINDOWS\SYSTEM\pglmzazs.exe" [null data]

"Pqdepgfg.exe" = "C:\WINDOWS\SYSTEM\pqdepgfg.exe" [null data]

"Pqxerkrs.exe" = "C:\WINDOWS\SYSTEM\pqxerkrs.exe" [null data]

"Protections" = "C:\WINDOWS\SYSTEM\ProtEX32.exe" [null data]

"Pwrwbivy.exe" = "C:\WINDOWS\SYSTEM\pwrwbivy.exe" [null data]

"Pybqdutg.exe" = "C:\WINDOWS\SYSTEM\pybqdutg.exe" [null data]

"Qdqxkdiv.exe" = "C:\WINDOWS\SYSTEM\qdqxkdiv.exe" [null data]

"Qfwnmvgp.exe" = "C:\WINDOWS\SYSTEM\qfwnmvgp.exe" [null data]

"Qhizmzgz.exe" = "C:\WINDOWS\SYSTEM\qhizmzgz.exe" [null data]

"Qhqdkvsl.exe" = "C:\WINDOWS\SYSTEM\qhqdkvsl.exe" [null data]

"Qjslcvwv.exe" = "C:\WINDOWS\SYSTEM\qjslcvwv.exe" [null data]

"Qncrmhuj.exe" = "C:\WINDOWS\SYSTEM\qncrmhuj.exe" [null data]

"Qpgfkpet.exe" = "C:\WINDOWS\SYSTEM\qpgfkpet.exe" [null data]

"Qpsrsreb.exe" = "C:\WINDOWS\SYSTEM\qpsrsreb.exe" [null data]

"Qxgrspef.exe" = "C:\WINDOWS\SYSTEM\qxgrspef.exe" [null data]

"Qxuvsjqb.exe" = "C:\WINDOWS\SYSTEM\qxuvsjqb.exe" [null data]

"Rgbadufk.exe" = "C:\WINDOWS\SYSTEM\rgbadufk.exe" [null data]

"Rgdqhwpk.exe" = "C:\WINDOWS\SYSTEM\rgdqhwpk.exe" [null data]

"Rivijire.exe" = "C:\WINDOWS\SYSTEM\rivijire.exe" [null data]

"Rmvmlelm.exe" = "C:\WINDOWS\SYSTEM\rmvmlelm.exe" [null data]

"Rqzehihs.exe" = "C:\WINDOWS\SYSTEM\rqzehihs.exe" [null data]

"Rsjelchi.exe" = "C:\WINDOWS\SYSTEM\rsjelchi.exe" [null data]

"Rupqvyxy.exe" = "C:\WINDOWS\SYSTEM\rupqvyxy.exe" [null data]

"Sbsnqfov.exe" = "C:\WINDOWS\SYSTEM\sbsnqfov.exe" [null data]

"Tedctafo.exe" = "C:\WINDOWS\SYSTEM\tedctafo.exe" [null data]

"Tehwbehe.exe" = "C:\WINDOWS\SYSTEM\tehwbehe.exe" [null data]

"Tkbwvujq.exe" = "C:\WINDOWS\SYSTEM\tkbwvujq.exe" [null data]

"Tkhyzobw.exe" = "C:\WINDOWS\SYSTEM\tkhyzobw.exe" [null data]

"Tmxmlibo.exe" = "C:\WINDOWS\SYSTEM\tmxmlibo.exe" [null data]

"Ubifcnoj.exe" = "C:\WINDOWS\SYSTEM\ubifcnoj.exe" [null data]

"Ubwjovyv.exe" = "C:\WINDOWS\SYSTEM\ubwjovyv.exe" [null data]

"Udwhivqn.exe" = "C:\WINDOWS\SYSTEM\udwhivqn.exe" [null data]

"Ujgncdeh.exe" = "C:\WINDOWS\SYSTEM\ujgncdeh.exe" [null data]

"Ulefivmb.exe" = "C:\WINDOWS\SYSTEM\ulefivmb.exe" [null data]

"Ungpixat.exe" = "C:\WINDOWS\SYSTEM\ungpixat.exe" [null data]

"Utsxgtkj.exe" = "C:\WINDOWS\SYSTEM\utsxgtkj.exe" [null data]

"Uvinituf.exe" = "C:\WINDOWS\SYSTEM\uvinituf.exe" [null data]

"Uxapcbgp.exe" = "C:\WINDOWS\SYSTEM\uxapcbgp.exe" [null data]

"Uxolmrgt.exe" = "C:\WINDOWS\SYSTEM\uxolmrgt.exe" [null data]

"Uxqpmxyj.exe" = "C:\WINDOWS\SYSTEM\uxqpmxyj.exe" [null data]

"Uxyfyrqr.exe" = "C:\WINDOWS\SYSTEM\uxyfyrqr.exe" [null data]

"Uzerqbmp.exe" = "C:\WINDOWS\SYSTEM\uzerqbmp.exe" [null data]

"Uzuhqlwt.exe" = "C:\WINDOWS\SYSTEM\uzuhqlwt.exe" [null data]

"Vevohurs.exe" = "C:\WINDOWS\SYSTEM\vevohurs.exe" [null data]

"Vipuzyjk.exe" = "C:\WINDOWS\SYSTEM\vipuzyjk.exe" [null data]

"Vmpypqpk.exe" = "C:\WINDOWS\SYSTEM\vmpypqpk.exe" [null data]

"Vopyjgli.exe" = "C:\WINDOWS\SYSTEM\vopyjgli.exe" [null data]

"Vsjstwzw.exe" = "C:\WINDOWS\SYSTEM\vsjstwzw.exe" [null data]

"Vwhcbwre.exe" = "C:\WINDOWS\SYSTEM\vwhcbwre.exe" [null data]

"Vwjmhgna.exe" = "C:\WINDOWS\SYSTEM\vwjmhgna.exe" [null data]

"Vwxmtirs.exe" = "C:\WINDOWS\SYSTEM\vwxmtirs.exe" [null data]

"Wbuzyfmz.exe" = "C:\WINDOWS\SYSTEM\wbuzyfmz.exe" [null data]

"Wfojcncr.exe" = "C:\WINDOWS\SYSTEM\wfojcncr.exe" [null data]

"Whgdangb.exe" = "C:\WINDOWS\SYSTEM\whgdangb.exe" [null data]

"Wnsjofqp.exe" = "C:\WINDOWS\SYSTEM\wnsjofqp.exe" [null data]

"Wpwjcncl.exe" = "C:\WINDOWS\SYSTEM\wpwjcncl.exe" [null data]

"Wrcjqxuf.exe" = "C:\WINDOWS\SYSTEM\wrcjqxuf.exe" [null data]

"Wrizyzwx.exe" = "C:\WINDOWS\SYSTEM\wrizyzwx.exe" [null data]

"Wruvsxsz.exe" = "C:\WINDOWS\SYSTEM\wruvsxsz.exe" [null data]

"Wtopcvcn.exe" = "C:\WINDOWS\SYSTEM\wtopcvcn.exe" [null data]

"Wvyhobaf.exe" = "C:\WINDOWS\SYSTEM\wvyhobaf.exe" [null data]

"Xanqdwts.exe" = "C:\WINDOWS\SYSTEM\xanqdwts.exe" [null data]

"Xaxwhmzg.exe" = "C:\WINDOWS\SYSTEM\xaxwhmzg.exe" [null data]

"Xcncrwns.exe" = "C:\WINDOWS\SYSTEM\xcncrwns.exe" [null data]

"Xebancnm.exe" = "C:\WINDOWS\SYSTEM\xebancnm.exe" [null data]

"Xihijwtu.exe" = "C:\WINDOWS\SYSTEM\xihijwtu.exe" [null data]

"Xizchmtu.exe" = "C:\WINDOWS\SYSTEM\xizchmtu.exe" [null data]

"Xorahovu.exe" = "C:\WINDOWS\SYSTEM\xorahovu.exe" [null data]

"Xwnmjwzq.exe" = "C:\WINDOWS\SYSTEM\xwnmjwzq.exe" [null data]

"Xylutubi.exe" = "C:\WINDOWS\SYSTEM\xylutubi.exe" [null data]

"Ynyrclgz.exe" = "C:\WINDOWS\SYSTEM\ynyrclgz.exe" [null data]

"Yrgpifuv.exe" = "C:\WINDOWS\SYSTEM\yrgpifuv.exe" [null data]

"Yzmxezsn.exe" = "C:\WINDOWS\SYSTEM\yzmxezsn.exe" [null data]

"Zevsfkni.exe" = "C:\WINDOWS\SYSTEM\zevsfkni.exe" [null data]

"Zgzqdonq.exe" = "C:\WINDOWS\SYSTEM\zgzqdonq.exe" [null data]

"Zojetkdk.exe" = "C:\WINDOWS\SYSTEM\zojetkdk.exe" [null data]

"ngvazqro.exe" = "C:\WINDOWS\SYSTEM\ngvazqro.exe" [null data]

"poncfsze.exe" = "C:\WINDOWS\SYSTEM\poncfsze.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"SchedulingAgent" = "mstask.exe" [MS]

"KB918547" = "C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE" [MS]

"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]

"SndSrvc" = "C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE" ["Symantec Corporation"]

"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]

"ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

"ccSetMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

"ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]

"ccProxy" = "C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE" ["Symantec Corporation"]

"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]


HKLM\Software\Microsoft\Active Setup\Installed Components\

PerUser_CVT_Inis\(Default) = "Instalator systemu Windows — Konwerter FAT32"

                 \StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"

  -> {HKLM...CLSID} = "CNisExtBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {HKLM...CLSID} = "Eksplorator pulpitów"

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]



System Policies {policy setting}:

---------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00

{unrecognized setting}


"NoHelp" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by System Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Moje dokumenty\Moje obrazy\80a9acc6ea0dfbefded8eaa211c5a680,14,1.jpg"



Enabled Scheduled Tasks:

------------------------


"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]

"Harmonogram programu PCHealth dla zbierania danych" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]

"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]

"Norton AntiVirus - Skanuj komputer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\WINDOWS\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"FRU Task #Hewlett-Packard#hp psc 1200 series#1166901862" -> launches: "C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1166901862"" ["0"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1

C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4

C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

  -> {HKLM...CLSID} = "Web assistant"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"

  -> {HKLM...CLSID} = "Web assistant"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "MSN Messenger Service"

"Exec" = "C:\PROGRA~1\MESSEN~1\MSMSGS.EXE" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"

[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"


Missing lines (compared with English-language version):

[Strings]: 2 lines



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzs9x07\Driver = "hpzs9x07.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 92 seconds.

---------- (total run time: 291 seconds)

Przeskanuj kompa skanerem online ewido: http://www.ewido.net/en/onlinescan/

Otwórz Notatnik i wklej w nim to: [treść do wklejenia nie zachowała się na tej stronie]

Plik >>> Zapisz jako >>> zmień typ pliku z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.BAT

Otwórz Notatnik i wklej w nim to: [treść do wklejenia nie zachowała się na tej stronie]

Plik >>> Zapisz jako >>> zmień typ pliku z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG

Przejdź do trybu awaryjnego i uruchom utworzone pliki.

Usuń wpisy HJT jeśli będą.

Użyj narzędzia FixWareOut.

Po wykonaniu wklej nowe logi z HJT i Silent Runners oraz zawartość pliku c:\fixwareout\report.txt

fix.reg nie chciał się uruchomić, bo pojawił się komunikat, że plik rejestru jest niewłaściwy i że można importować tylko pliki rejestru.

Fixwareout Last edited 4/5/2007

Post this report in the forums please 


Random Runs removed from HKLM 



We recommend getting a free online scan 

Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx


Hosts file was reset, If you use a custom hosts file please replace it.

Złączono Posta : 07.04.2007 (Sob) 20:03

Win32.Sober

Na tym Spybot się zatrzymuje, nawet po reinstalacji.

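FIX.REG zapewne nie chciał się przyjąć, ponieważ zamiast nagłówka:

[nagłówek nie zachował się na tej stronie; Edytor rejestru w Windows 9x/Me importuje tylko pliki zaczynające się od nagłówka REGEDIT4]

dałem:

[nagłówek nie zachował się na tej stronie]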

Ale w tej chwili nie jest to ważne, ponieważ logi są w porządku.

Dobrze, ale proszę podać dokładną lokalizację wykrywanego zainfekowanego pliku.

Dodatkowo przeskanuj system którymś ze skanerów on-line przedstawionych w tym temacie:

http://cybertrash.netarteria.pl/cyber/i … 324.0.html

Lokalizacji nie ma, skanowanie zatrzymuje się w miejscu „wyszukuję szkodniki”.

Czy wystarczy skan samym Kasperskym, czy trzeba każdym z wymienionych?

A nie pokazuje Ci się żaden raport z tego skanowania w programie, a jeśli tak to czy mógłbyś go pokazać?

Jak chcesz. Jeden skaner może nie znaleźć czegoś, co inny by znalazł. Kaspersky może nie wykryć czegoś, co znalazłby Symantec czy Trend Micro, i odwrotnie, dlatego proponowałbym przeskanować system kilkoma skanerami.