Wirus przez link gg


(Gimeczek) #1

Witam. Widziałem że pomogliście poprzednikom. Proszę o pomoc. Bo mi się już momentami komp wiesza i nie uruchamia Windows.

Zaczęło się od tego że z kumpla nr gg cos wyslalo mi link i ja kliknalem. I się zaczęło. Pisze do kogoś a on tego nie widzi a ja widze co on do mnie pisze. Prawdopodobnie moje GG tez to rozsyla.

Prosze POMOCY! !!

Marcin

Logfile of HijackThis v1.99.1

Scan saved at 23:00:34, on 2006-12-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX3\wincheck.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX4\wincheck.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\WINDOWS\system32\rundll32.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX5\wincheck.exe

D:\WINDOWS\system32\msiexec.exe

D:\Program Files\WinRAR\WinRAR.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.453\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(adam9870) #2

Użyj ATF Cleaner i przeczyść Current User Temp oraz All Users Temp.

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Po wykonaniu pokaż nowy log z hjt oraz SilentRunners.


(Gimeczek) #3

Pierwszy:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"Komunikator" = ""F:\Program Files\Tlen.pl\tlen.exe" " ["o2.pl Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]

"RemoteControl" = ""D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"WinampAgent" = ""D:\Program Files\Winamp\Winampa.exe"" [null data]

"Easy-PrintToolBox" = "D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

"TkBellExe" = "D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]

"ISUSPM Startup" = ""D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"UDC Integration" = "(empty string)" [file not found]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {HKLM...CLSID} = "dMCIShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Fares\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Fares" & "All Users" startup folders:

-------------------------------------------------------


D:\Documents and Settings\Fares\Menu Start\Programy\Autostart

"Rejestrowanie produktów Corela" -> shortcut to: "D:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]

"VIA RAID TOOL" -> shortcut to: "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {HKLM...CLSID} = "Easy-WebPrint"

                   \InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

InCD Helper, InCDsrv, "D:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Ulead Burning Helper, UleadBurningHelper, "D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]

UDC\Driver = "udcpm.dll" ["fCoder Group, Inc."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 9 seconds for message boxes)

i z hjt:

Logfile of HijackThis v1.99.1

Scan saved at 23:44:03, on 2006-12-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Opera\Opera.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.407\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(adam9870) #4

Logi są ok.

Czy problemy, o których wspomniałeś w pierwszym poście ustąpiły?

Możesz zajrzeć: Optymalizacja i odchudzanie Windowsa XP.


(Gimeczek) #5

wlaczylem Tlen z GG i jak pisze do kogos na TLENIE to normalnie idzie rozmawiac. Ale GG dalej stoi. Jak ktoś do mnie pisze z GG to czytam a jak ja piszę komuś to on tego w ogóle nie dostaje.

Wysyłam jeszcze raz te logi:

Logfile of HijackThis v1.99.1

Scan saved at 00:05:13, on 2006-12-28

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

F:\Program Files\Tlen.pl\tlen.exe

D:\Program Files\Opera\Opera.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.672\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

i drugi:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"Komunikator" = ""F:\Program Files\Tlen.pl\tlen.exe" " ["o2.pl Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]

"RemoteControl" = ""D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"WinampAgent" = ""D:\Program Files\Winamp\Winampa.exe"" [null data]

"Easy-PrintToolBox" = "D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

"TkBellExe" = "D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]

"ISUSPM Startup" = ""D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"UDC Integration" = "(empty string)" [file not found]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {HKLM...CLSID} = "dMCIShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Fares\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Fares" & "All Users" startup folders:

-------------------------------------------------------


D:\Documents and Settings\Fares\Menu Start\Programy\Autostart

"Rejestrowanie produktów Corela" -> shortcut to: "D:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]

"VIA RAID TOOL" -> shortcut to: "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {HKLM...CLSID} = "Easy-WebPrint"

                   \InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

InCD Helper, InCDsrv, "D:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Ulead Burning Helper, UleadBurningHelper, "D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]

UDC\Driver = "udcpm.dll" ["fCoder Group, Inc."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 45 seconds, including 2 seconds for message boxes)

MOŻE TRZEBA JESZCZE RAZ TLENA ŚCIĄGNĄĆ I ZAINSTALOWAĆ?

nie wiesz może co mi grozi jak złapałem ten syf? widze ze to popularne ostanio. Komp sie już nie muli przynajmniej. tylko to GG nie dziala dobrze


(Joan Sunshine) #6

Tak jak pisał Adam - czysto. Może masz tymczasowego bana na gg, musisz poczekać.

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.

Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie. :slight_smile:


(Gimeczek) #7

Dziekuje wam! Napisałem do admin GG zeby sprawdzili moj nr. Dzieki ze jestescie i pomagacie ludzia takim laikom jak ja! Ktoś mi kiedys powiedział: zanim zrobisz FORMAT C spróbuj walczyć i sie nie poddawaj.

JESZCZE RAZ DZIĘKI! !!