Trojan win32.agent jak usunąć?

avenger63 · 13 Sierpień 2007 05:24

Witam

Potrzebuję pomocy, pomimo antywira złapałem wirusa który zmienił mi ustawienia komputera, blokuje dostęp do menagera zadań(pewnie też przy okazji robi inne brzydkie rzeczy o których nie wiem).

Próbowałem skanować kompa ale niestety niektóre pliki mają odmowę dostepu i pewnie tam ten paskud rezyduje.

Poniżej wklejam pliki z silent runners oraz hijacka

Za wszelką pomoc w usunięciu tego szkodnika z góry dziękuje.

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]

“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe”” [“Adobe Systems Incorporated”]

“nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“CloneCDTray” = ““C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]

“Launch PC Probe II” = ““C:\Program Files\ASUS\PC Probe II\Probe2.exe” 1” [“ASUS”]

“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]

“Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“TrojanScanner” = “C:\Program Files\Trojan Remover\Trjscan.exe” [“Simply Super Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band”

-> {HKLM…CLSID} = “History Band”

\InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS]

“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”

-> {HKLM…CLSID} = “NeroDigitalIconHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found]

“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”

-> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{DBD8E168-244D-448C-9922-25508950D1DC}” = “Ulead UDF Driver”

-> {HKLM…CLSID} = “USIShellExt Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll” [“Ulead Systems, Inc.”]

“{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension”

-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]

“{1DCD19FE-51F1-44BF-90F7-26F4D1944755}” = “Direct Audio Converter & CD Ripper Menu Shell Extension”

-> {HKLM…CLSID} = “Direct Audio Converter & CD Ripper Menu Shell Extension”

\InProcServer32(Default) = “C:\PROGRA~1\DIRECT~1\cmenu1.dll” [null data]

“{52B87208-9CCF-42C9-B88E-069281105805}” = “Trojan Remover Shell Extension”

-> {HKLM…CLSID} = “Trojan Remover Shell Extension”

\InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”

-> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found]

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”

-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]

Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}”

-> {HKLM…CLSID} = “Trojan Remover Shell Extension”

\InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”

-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data]

Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}”

-> {HKLM…CLSID} = “Trojan Remover Shell Extension”

\InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {policy setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“NoChangeStartMenu” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“NoClose” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“NoLogOff” = (REG_DWORD) hex:0x00000001

{Disable Logoff}

“NoRun” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableTaskMgr” = (REG_DWORD) hex:0x00000001

{Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\MY\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\POLKOM~1.SCR” (PolKompJe.scr) [null data]

Startup items in “MY” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 21

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{F2CF5485-4E02-4F68-819C-B92DE9277049}”

-> {HKLM…CLSID} = “&Links”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

“MenuText” = “@xpsp3res.dll,-20001”

“Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, “C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe” [null data]

ATK Keyboard Service, ATKKeyboardService, “C:\WINDOWS\ATKKBService.exe” [“ASUSTeK COMPUTER INC.”]

Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS]

LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]

NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "]

nTune Service, nTuneService, “C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService” [“NVIDIA”]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Ulead Burning Helper, UleadBurningHelper, “C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe” [“Ulead Systems, Inc.”]

---------- (launch time: 2007-08-13 07:20:43)

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 27 seconds, including 6 seconds for message boxes)

Logfile of HijackThis v1.99.1 Scan saved at 07:22:57, on 2007-08-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\winlogon.exe C:\Documents and Settings\MY\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe” O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [Launch PC Probe II] “C:\Program Files\ASUS\PC Probe II\Probe2.exe” 1 O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

qrczak13 · 13 Sierpień 2007 19:51

Usuń w HJT.

Daj jeszcze log z ComboFix (opis zrobienia loga na samym dole).

avenger63 · 14 Sierpień 2007 08:14

Witam

Wywaliłem te dwa wpisy

poniżej log z ComboFix

Mam nadzieję że uda się go wywalić, jest bardzo cwany, blokuje managera zadań a także programy antywirusowe które działają podczas uruchamiania windows, przy normalnym skanowaniu blokuje dostęp do plików, ktoś nieżle go zabezpieczył.

Jestem bliski formatu partycji myślę że to go wykurzy

Pozdrawiam

ComboFix 07-08-14.4 - “MY” 2007-08-14 10:05:45.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1261 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 ))))))))))))))))))))))))))))))) 2007-08-14 09:56 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-14 09:21 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL 2007-08-14 09:21 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL 2007-08-14 09:21 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL 2007-08-14 09:21 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL 2007-08-14 09:21 2007-08-14 09:20 2007-08-14 09:20 2007-08-13 17:20 49,664 --a------ C:\WINDOWS\unvise32.exe 2007-08-13 17:20 2007-08-13 16:54 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-08-13 16:54 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-08-13 16:54 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-08-13 16:54 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-08-13 16:54 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-08-13 16:54 2007-08-13 16:54 2007-08-13 16:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-08-13 15:47 249,856 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 15:47 2007-08-13 10:24 2007-08-13 09:46 2007-08-13 09:25 2007-08-13 09:12 2007-08-13 08:01 2007-08-13 06:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-08-13 06:34 9,006 --a------ C:\clean.bat 2007-08-13 06:34 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-08-13 06:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-08-12 18:13 2007-08-12 13:34 2007-08-12 13:34 2007-08-12 13:34 2007-08-12 13:05 2007-08-12 12:53 23 --ahs---- C:\WINDOWS\system32\cbeacefc7_r.dll 2007-08-12 12:53 2007-08-12 12:50 2007-08-12 12:47 2007-08-12 11:01 1,310,720 --ah----- C:\DOCUME~1\admin\NTUSER.DAT 2007-08-12 11:01 2007-08-12 11:01 2007-08-12 11:01 2007-08-12 11:01 2007-08-12 11:01 2007-08-12 11:01 2007-08-12 11:01 2007-08-11 10:14 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-08-11 10:14 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-08-11 10:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-08-08 09:12 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-08-08 09:12 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-08-08 09:12 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-08-08 09:12 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-08-08 09:12 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-08-08 09:12 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-08-08 09:12 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-08-08 09:12 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-08-08 09:12 2007-08-06 19:38 2007-08-05 10:54 2007-08-05 10:10 2007-08-04 15:28 2007-08-04 12:56 2007-08-04 11:02 0 --a------ C:\WINDOWS\system32\UTSCSI.EXE 2007-08-04 11:01 2007-08-04 11:01 2007-08-04 11:01 2007-08-04 01:44 24,904 --------- C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2007-08-02 15:27 93,128 --------- C:\WINDOWS\system32\ElbyCDIO.dll 2007-07-31 21:21 62,592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys 2007-07-31 21:21 2007-07-31 19:53 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-07-31 16:37 2007-07-31 16:35 2007-07-31 16:32 2007-07-31 07:42 2007-07-31 07:03 2007-07-31 06:14 2007-07-31 06:13 2007-07-31 06:13 2007-07-31 06:04 2007-07-31 06:01 2007-07-30 21:53 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2007-07-30 21:34 2007-07-30 20:57 2007-07-30 20:57 2007-07-29 18:53 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys 2007-07-29 18:53 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-07-19 16:04 2007-07-19 15:57 2007-07-19 15:55 2007-07-19 15:50 81,920 --a------ C:\DOCUME~1\MY\DANEAP~1\ezpinst.exe 2007-07-19 15:50 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-07-19 15:50 47,360 --a------ C:\DOCUME~1\MY\DANEAP~1\pcouffin.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-13 16:30 --------- d-------- C:\Program Files\DaemonTools_WhenUSave_Installer 2007-08-13 16:30 --------- d-------- C:\Program Files\DAEMON Tools 2007-08-12 11:08 --------- d-------- C:\DOCUME~1\MY\DANEAP~1\AdobeUM 2007-08-08 09:12 --------- d-------- C:\Program Files\Common Files\Ahead 2007-08-07 20:17 196608 --a------ C:\WINDOWS\system32\drivers\nStandard.bin 2007-08-07 20:17 --------- d-------- C:\DOCUME~1\MY\DANEAP~1\Ahead 2007-08-05 10:50 359808 --a–c— C:\WINDOWS\system32\dllcache\tcpip.sys 2007-08-05 10:50 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys 2007-07-31 08:00 --------- d-------- C:\Program Files\Messenger 2007-07-30 21:53 --------- d-------- C:\Program Files\Realtek 2007-07-30 21:34 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-15 13:56 --------- d-------- C:\Program Files\AdorageI-SAL 2007-07-15 13:20 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-13 18:25 --------- d-------- C:\DOCUME~1\MY\DANEAP~1\Apple Computer 2007-07-13 09:53 --------- d-------- C:\Program Files\InterVideo 2007-07-12 21:10 --------- d-------- C:\Program Files\Common Files\Canopus Shared 2007-07-12 21:10 --------- d-------- C:\Program Files\AdorageI-GfxDatas 2007-07-12 16:37 --------- d-------- C:\DOCUME~1\MY\DANEAP~1\Canopus 2007-07-12 15:27 --------- d-------- C:\Program Files\QuickTime 2007-07-12 15:10 --------- d-------- C:\Program Files\ASUS 2007-07-11 19:26 --------- d-------- C:\Program Files\Photomatix 2007-07-09 19:16 --------- d-------- C:\DOCUME~1\MY\DANEAP~1\WinRAR 2007-07-09 19:14 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-07-08 20:13 --------- d-------- C:\Program Files\Common Files\LightScribe 2007-07-08 18:26 --------- d-------- C:\Program Files\GameFace Messenger 2007-07-08 18:05 737280 --a------ C:\WINDOWS\iun6002.exe 2007-07-08 18:04 --------- d-------- C:\Program Files\My Company Name 2007-07-08 17:53 --------- d-------- C:\Program Files\Nero 2007-07-08 16:24 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin 2007-07-08 16:24 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin 2007-07-08 16:05 --------- d-------- C:\Program Files\Attansic 2007-07-08 16:02 315392 --a------ C:\WINDOWS\HideWin.exe 2007-07-08 15:55 --------- d-------- C:\Program Files\Intel 2007-07-04 05:21 --------- d-------- C:\Program Files\Common Files\ODBC 2007-07-04 05:20 --------- d-------- C:\Program Files\Common Files\SpeechEngines 2007-07-03 21:33 0 -rahs---- C:\MSDOS.SYS 2007-07-03 21:33 0 -rahs---- C:\IO.SYS 2007-07-03 21:33 0 --a------ C:\CONFIG.SYS 2007-07-03 21:33 0 --a------ C:\AUTOEXEC.BAT 2007-07-03 21:33 --------- d-------- C:\Program Files\microsoft frontpage 2007-07-03 21:32 --------- d–h----- C:\Program Files\WindowsUpdate 2007-07-03 21:31 --------- d-------- C:\Program Files\Movie Maker 2007-07-03 21:31 --------- d-------- C:\Program Files\Common Files\MSSoap 2007-07-03 21:30 --------- d-------- C:\Program Files\Windows NT 2007-07-03 21:30 --------- d-------- C:\Program Files\MSN Gaming Zone 2007-06-19 09:22 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-06-19 09:22 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-06-19 09:22 118056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-05-24 05:06 6144 --a------ C:\WINDOWS\system32\MksIdsa.sys 2007-05-24 05:06 15360 --a------ C:\WINDOWS\system32\MksFwallt.sys 2007-05-24 05:06 13312 --a------ C:\WINDOWS\system32\MksFwallf.sys 2007-05-24 05:06 11776 --a------ C:\WINDOWS\system32\MksIdsf.sys 2007-05-16 17:19 85504 --a–c— C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 17:19 510976 --a–c— C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 17:19 1314816 --a–c— C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-16 17:18 86528 --a–c— C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 17:18 683520 --a–c— C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-06-24 00:48 32768 -ra------ C:\WINDOWS\inf\UpdateUSB.exe --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe” [2006-09-14 07:55] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-03-22 04:50] “CloneCDTray”=“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” [2005-05-19 15:47] “Launch PC Probe II”=“C:\Program Files\ASUS\PC Probe II\Probe2.exe” [2007-05-09 10:38] “RTHDCPL”=“RTHDCPL.EXE” [2007-03-21 16:49 C:\WINDOWS\RTHDCPL.exe] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-07-12 15:27] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “TrojanScanner”=“C:\Program Files\Trojan Remover\Trjscan.exe” [] “mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” [2007-08-13 09:41] “mks_mail”=“C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [2007-05-24 05:06] “MKSRegmon”=“C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [2007-05-24 05:06] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-08-13 16:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoChangeStartMenu”=1 (0x1) “NoClose”=1 (0x1) “NoLogOff”=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @=“service” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 iviVD;iviVD;C:\WINDOWS\system32\DRIVERS\iviVD.sys R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys R1 cdrblock;cdrblock;C:\WINDOWS\system32\DRIVERS\cdrblock.sys R1 cdrport;cdrport;C:\WINDOWS\system32\DRIVERS\cdrport.sys R1 mksfwallt;mksfwallt;??\C:\WINDOWS\system32\mksfwallt.sys R2 MksFwall;MksFwall;“C:\Program Files\mks_vir_2007\bin\MksFwall.exe” R2 MksPC;MksPC;“C:\Program Files\mks_vir_2007\bin\MksPC.exe” R2 MksUpdate;MksUpdate;“C:\Program Files\mks_vir_2007\bin\mksupdate.exe” R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys R3 mksfwallf;mksfwallf;??\C:\WINDOWS\system32\mksfwallf.sys R3 mksidsf;mksidsf;??\C:\WINDOWS\system32\mksidsf.sys R3 MksMonEn;MksMonEn;??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys R3 MksMonEv;MksMonEv;??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys R3 MksMonFd;MksMonFd;??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys R3 NVR0Dev;NVR0Dev;??\C:\WINDOWS\nvoclock.sys R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys S3 SIWIO;SIWIO;??\C:\WINDOWS\TEMP\SiwIo.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{efee550e-2d7a-11dc-8347-001bfc535db8}] AutoRun\command- O:\USBNB.exe *Newly Created Service* - CATCHME ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-14 10:06:18 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-14 10:06:41 C:\ComboFix2.txt … 2007-08-14 09:58 — E O F —

jessica · 14 Sierpień 2007 08:51

Ja nie widzę w logu nic podejrzanego.

W poprzednim logu z Sillenta był ten w/w wpis.

Spróbujemy to naprawić, ale raczej się nie uda, bo ten napis “Remove Task Manager” sugeruje, że w ogóle nie masz już Managera Zadań.

Do Notatnika wklej:

Windows Registry Editor Version 5.00 


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] 

"DisableTaskMgr"=dword:00000000 


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System] 

"DisableTaskMgr"=dword:00000000 

"**del.DisableTaskMgr"=" " 


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] 

"DisableTaskMgr"=dword:00000000

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>>

plik uruchom (dwuklik i OK).

Zrestartuj komputer.

Daj nowy log z Sillenta lub napisz, czy działa Manager Zadań.

.

avenger63 · 14 Sierpień 2007 11:27

Dzieki task manager pojawił się

Jeszcze tylko muszę zmienić denerwującą muzyczkę przy logowaniu i wszystko jeszcze raz przeskanować

Przesyłam silent runnera dla potwierdzenia czy wszystko jest Ok

Pozdrawiam i dzięki za pomoc

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe”” [“Adobe Systems Incorporated”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” [file not found] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “CloneCDTray” = ““C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”] “Launch PC Probe II” = ““C:\Program Files\ASUS\PC Probe II\Probe2.exe” 1” [“ASUS”] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “TrojanScanner” = “C:\Program Files\Trojan Remover\Trjscan.exe” [file not found] “mkstray” = “C:\Program Files\mks_vir_2007\bin\mkstray.exe” [“MKS Sp z o.o.”] “mks_mail” = “C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [“MkS Sp. z o.o.”] “MKSRegmon” = “C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{DBD8E168-244D-448C-9922-25508950D1DC}” = “Ulead UDF Driver” -> {HKLM…CLSID} = “USIShellExt Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll” [“Ulead Systems, Inc.”] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [file not found] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{1DCD19FE-51F1-44BF-90F7-26F4D1944755}” = “Direct Audio Converter & CD Ripper Menu Shell Extension” -> {HKLM…CLSID} = “Direct Audio Converter & CD Ripper Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\DIRECT~1\cmenu1.dll” [null data] “{52B87208-9CCF-42C9-B88E-069281105805}” = “Trojan Remover Shell Extension” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [file not found] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [file not found] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoChangeStartMenu” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoClose” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoLogOff” = (REG_DWORD) hex:0x00000001 {Disable Logoff} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {Remove Task Manager} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\MY\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “MY” & “All Users” startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\mks_vir_2007\bin\mkslsp.dll [null data], 01 - 03, 19 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 C:\WINDOWS\system32\imon.dll ["Eset "], 20 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, “C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe” [null data] ATK Keyboard Service, ATKKeyboardService, “C:\WINDOWS\ATKKBService.exe” [“ASUSTeK COMPUTER INC.”] Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] MkS_Scan, MkS_Scan, “C:\Program Files\mks_vir_2007\bin\mks_scan.exe” [empty string] mks_vir file monitor, MksVirMonSvc, “C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe” [null data] MksFwall, MksFwall, ““C:\Program Files\mks_vir_2007\bin\MksFwall.exe”” [“MKS Sp z o.o.”] MksPC, MksPC, ““C:\Program Files\mks_vir_2007\bin\MksPC.exe”” [null data] MksUpdate, MksUpdate, ““C:\Program Files\mks_vir_2007\bin\mksupdate.exe”” [“MKS Sp. z o. o.”] nTune Service, nTuneService, “C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService” [“NVIDIA”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Ulead Burning Helper, UleadBurningHelper, “C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe” [“Ulead Systems, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON V6 2KMonitor\Driver = “EBPMON24.DLL” [“SEIKO EPSON CORPORATION”] ---------- (launch time: 2007-08-14 13:24:23) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 34 seconds, including 18 seconds for message boxes) Pozdrawiam

jessica · 14 Sierpień 2007 11:38

Tak, log z Sillenta to potwierdza, że “Manager” jest już OK.

Natomiast nie potrafię dostrzec, co powoduje pozostałe Twoje problemy.

.

qrczak13 · 14 Sierpień 2007 22:00

Jeszcze skan AVG AntySpyware 7.5 po update, wklej raport ze skanowania.