Wirus przez link gg

Witam. Widziałem że pomogliście poprzednikom. Proszę o pomoc. Bo mi się już momentami komp wiesza i nie uruchamia Windows.

Zaczęło się od tego że z kumpla nr gg cos wyslalo mi link i ja kliknalem. I się zaczęło. Pisze do kogoś a on tego nie widzi a ja widze co on do mnie pisze. Prawdopodobnie moje GG tez to rozsyla.

Prosze POMOCY! !!

Marcin

Logfile of HijackThis v1.99.1

Scan saved at 23:00:34, on 2006-12-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX3\wincheck.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX4\wincheck.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\WINDOWS\system32\rundll32.exe

G:\mksvir2006demo.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\RarSFX5\wincheck.exe

D:\WINDOWS\system32\msiexec.exe

D:\Program Files\WinRAR\WinRAR.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.453\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Użyj ATF Cleaner i przeczyść Current User Temp oraz All Users Temp.

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Po wykonaniu pokaż nowy log z hjt oraz SilentRunners.

Pierwszy:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"Komunikator" = ""F:\Program Files\Tlen.pl\tlen.exe" " ["o2.pl Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]

"RemoteControl" = ""D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"WinampAgent" = ""D:\Program Files\Winamp\Winampa.exe"" [null data]

"Easy-PrintToolBox" = "D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

"TkBellExe" = "D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]

"ISUSPM Startup" = ""D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"UDC Integration" = "(empty string)" [file not found]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {HKLM...CLSID} = "dMCIShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Fares\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Fares" & "All Users" startup folders:

-------------------------------------------------------


D:\Documents and Settings\Fares\Menu Start\Programy\Autostart

"Rejestrowanie produktów Corela" -> shortcut to: "D:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]

"VIA RAID TOOL" -> shortcut to: "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {HKLM...CLSID} = "Easy-WebPrint"

                   \InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

InCD Helper, InCDsrv, "D:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Ulead Burning Helper, UleadBurningHelper, "D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]

UDC\Driver = "udcpm.dll" ["fCoder Group, Inc."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 9 seconds for message boxes)

i z hjt:

Logfile of HijackThis v1.99.1

Scan saved at 23:44:03, on 2006-12-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Opera\Opera.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.407\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Logi są ok.

Czy problemy, o których wspomniałeś w pierwszym poście ustąpiły?

Możesz zajrzeć: Optymalizacja i odchudzanie Windowsa XP.

wlaczylem Tlen z GG i jak pisze do kogos na TLENIE to normalnie idzie rozmawiac. Ale GG dalej stoi. Jak ktoś do mnie pisze z GG to czytam a jak ja piszę komuś to on tego w ogóle nie dostaje.

Wysyłam jeszcze raz te logi:

Logfile of HijackThis v1.99.1

Scan saved at 00:05:13, on 2006-12-28

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

D:\Program Files\Winamp\Winampa.exe

D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

D:\Program Files\VIA\RAID\raid_tool.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

F:\Program Files\Tlen.pl\tlen.exe

D:\Program Files\Opera\Opera.exe

D:\DOCUME~1\Fares\USTAWI~1\Temp\Rar$EX00.672\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studniowka2007.republika.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] "F:\Program Files\Tlen.pl\tlen.exe" 

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167208814484

O17 - HKLM\System\CCS\Services\Tcpip\..\{D88F3DCE-B1B9-4623-9DAD-74186DCEB995}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

i drugi:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"Komunikator" = ""F:\Program Files\Tlen.pl\tlen.exe" " ["o2.pl Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]

"RemoteControl" = ""D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"WinampAgent" = ""D:\Program Files\Winamp\Winampa.exe"" [null data]

"Easy-PrintToolBox" = "D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

"TkBellExe" = "D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]

"ISUSPM Startup" = ""D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"UDC Integration" = "(empty string)" [file not found]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "D:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {HKLM...CLSID} = "dMCIShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Fares\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Fares" & "All Users" startup folders:

-------------------------------------------------------


D:\Documents and Settings\Fares\Menu Start\Programy\Autostart

"Rejestrowanie produktów Corela" -> shortcut to: "D:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]

"VIA RAID TOOL" -> shortcut to: "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {HKLM...CLSID} = "Easy-WebPrint"

                   \InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

InCD Helper, InCDsrv, "D:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Ulead Burning Helper, UleadBurningHelper, "D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]

UDC\Driver = "udcpm.dll" ["fCoder Group, Inc."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 45 seconds, including 2 seconds for message boxes)

MOŻE TRZEBA JESZCZE RAZ TLENA ŚCIĄGNĄĆ I ZAINSTALOWAĆ?

nie wiesz może co mi grozi jak złapałem ten syf? widze ze to popularne ostanio. Komp sie już nie muli przynajmniej. tylko to GG nie dziala dobrze

Tak jak pisał Adam - czysto. Może masz tymczasowego bana na gg, musisz poczekać.

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.

Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie. :slight_smile:

Dziekuje wam! Napisałem do admin GG zeby sprawdzili moj nr. Dzieki ze jestescie i pomagacie ludzia takim laikom jak ja! Ktoś mi kiedys powiedział: zanim zrobisz FORMAT C spróbuj walczyć i sie nie poddawaj.

JESZCZE RAZ DZIĘKI! !!