WWDC [Question]


(JARO 33) #1

When I start this program, something like this pops up. Does it mean I have a "virus"?

wwdc6ze.th.jpg

wwdc20kv.th.jpg

Also, tell me whether these settings are good:

wwdc36zq.th.jpg


(El Presidento) #2

From the first message it looks like your system may be infected; the best thing you can do is paste a HijackThis log.

Your settings are fine.


(Gutek) #3

To understand this message, take a look at the link. We have no certainty that there is an infection; Pica described this nicely - http://www.searchengines.pl/phpbb203/in ... opic=29031

Just in case, I suggest using online scanners - Scanners to choose from


(JARO 33) #4

Here is the log:

====================================

This is the last time I am warning you:

When you paste a log, wrap it in a CODE or QUOTE tag.

I suggest reading THIS topic and seeing what is asked of users who paste logs.

Regards, kuz5


(Gutek) #5

Clean; the only thing that might raise a question is:

this is a trace of an error that occurred on your system. The entry is harmless. You can remove this KernelFaultCheck with HijackThis and completely prevent this entry from being created via:

Control Panel >>> System >>> Advanced >>> Startup and Recovery

Click Settings and, in the Write debugging information section, set the option to (none).


(JARO 33) #6

Thanks. I have one more question: I have some strange entries in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv

What are they from, and how do I get rid of them?


(Gutek) #7

It's junk; in the C:\WINDOWS\TEMP\ directory there may be a file more or less like this: mc2A.tmp or mc21.tmp, similar to mc2..tmp - that's the pattern

If so, clean out C:\WINDOWS\TEMP in Safe Mode, everything inside goes, and delete the keys manually

A log from Silent, please. Silent description: http://www.searchengines.pl/phpbb203/in ... opic=15989


(JARO 33) #8

Here is the log:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]

"SkinClock" = "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [null data]

"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]

"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

"SystemSafetyMonitor" = "C:\Program Files\System Safety Monitor\SYSSAFE.exe" ["System Safety"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SystemTray" = "SysTray.Exe" [MS]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]

"BDOESRV" = ""C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"" ["SOFTWIN SRL"]

"BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data]

"cFosSpeed" = "C:\Program Files\cFosSpeed\LoveSpeed.exe" ["Copyright @ 2000 - 2005 =NF=LOVE[BCG]"]

"TrayFactory" = "C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent" ["PS Soft Lab"]

"tguard" = "C:\Program Files\Beniamin\tguard.exe" ["AKKORP"]

"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"TrayFactory" = "C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start" ["PS Soft Lab"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "bho2gr Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "Łą&cza"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\WinRAR\rarext.dll" [null data]

"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\ContextMenuExt.dll" [null data]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"

  -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRA~2\Alcochol\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\Microsoft Office Pro 2003\OFFICE11\msohev.dll" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"

  -> {CLSID}\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [null data]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! RegCompact\DLLName = "RegCompact.dll" ["AMUST Software"]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\ContextMenuExt.dll" [null data]

IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

  -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AgentRansackHere\(Default) = "{6646F704-1528-4B5C-BAB7-176FA4B5F80A}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mythicsoft\Agent Ransack\arshellext.dll" [empty string]

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\ContextMenuExt.dll" [null data]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

  -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\ContextMenuExt.dll" [null data]

IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"

  -> {CLSID}\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "F:\TATA\PROGRAMY [instalki]\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]



Startup items in "Jarek" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\Jarek\Menu Start\Programy\Autostart

"Rainlendar" -> shortcut to: "C:\Program Files\Rainlendar\Rainlendar.exe" ["Rainy"]

"Stardock ObjectDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"]

"UberIcon" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe" [null data]

"Y'z ToolBar" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]



Enabled Scheduled Tasks:

------------------------


"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [file not found]

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

"Jarek backup" -> launches: "C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe -BACKUP" ["AMUST Software"]

"Jarek scan and fix" -> launches: "C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe -SCANFIX" ["AMUST Software"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SYSTEMROOT%\system32\bnmndrv.dll [null data], 01 - 06, 13

%SystemRoot%\system32\mswsock.dll [MS], 07 - 10

%SystemRoot%\system32\rsvpsp.dll [MS], 11 - 12



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\


Missing lines (compared with English-language version):

HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]

BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]

BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service" ["SOFTWIN S.R.L."]

cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 27 seconds, including 4 seconds for message boxes)
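
A way to pull the entries that need a manual look out of a Silent Runners report like the one above, as an added example that is not part of the thread or of Silent Runners itself. The function name `triage` and its output shape are assumptions; it covers only the registry `name = value` entries and treats the bracketed field as the file's company name, as the report's own "[Company Name]" legend indicates.

```python
import re

# Abridged excerpt of the Silent Runners log posted above (AppInit_DLLs value shortened).
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll sockspy.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]
'''

WARNING = re.compile(r'^((?:INFECTION|HIJACK) WARNING!)\s+')
NO_COMPANY = {'null data', 'empty string', 'file not found'}

def triage(log_text):
    """Return (registry key, entry name, reasons) for entries worth a manual look."""
    findings, section, parent = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith(('HKLM\\', 'HKCU\\')) and ' = ' not in line:
            section, parent = line.replace('{++}', '').strip(), None
            continue
        if ' = ' not in line:
            continue  # headings, rulers, footer text, non-registry sections
        reasons = []
        flagged = WARNING.match(line)
        if flagged:
            reasons.append(flagged.group(1))
            line = line[flagged.end():]
        name, _, rest = line.partition(' = ')
        # Company name is the last " [...]" group; the name itself may contain "[".
        _, sep, tail = rest.rpartition(' [')
        company = tail[:-1].strip('"') if sep and tail.endswith(']') else None
        if name.startswith('->'):
            name = parent or name  # CLSID detail line: report under the entry above it
        else:
            parent = name
        if company in NO_COMPANY:
            reasons.append('no company name: ' + company)
        if reasons:
            findings.append((section, name.strip('"'), reasons))
    return findings

if __name__ == '__main__':
    for key, name, reasons in triage(SAMPLE_LOG):
        print(f'{key}\n    {name}: {"; ".join(reasons)}')
```

In the sample, the ShellExecuteHooks entry carries the script's WARNING label although its DLL reports [MS] as company, so a label is a prompt to review the entry, not a verdict.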

(Gutek) #9

Well, it's OK


(JARO 33) #10

But what should I do with these registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCHINJDRV

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mchInjDrv

Even though I delete them, they reappear in the registry after a restart.


(Gutek) #11

Didn't you delete the endings in those keys - LEGACY_MCHINJDRV, mchInjDrv?


(JARO 33) #12

If you can, please explain it to me in more detail. Which endings should I delete, e.g.:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

what should I delete from this entry? :oops: :oops:

Post merged: 20.12.2005 (Tue) 17:06

Which endings should I delete?? :oops:


(Gutek) #13

Start >>> Run >>> regedit and go to the key: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root] - there you will see LEGACY_MCHINJDRV; right-click and delete :wink: and do the same with each one: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services and delete mchInjDrv with a right-click, etc.


(JARO 33) #14

That is exactly how I delete them, but after a restart they are there again.


(Gutek) #15

Did you clean out that TEMP - C:\WINDOWS\TEMP\ - did you delete everything from it in Safe Mode?

You can't delete them (they come back) because some guard is protecting the registry? E.g. SpySweeper. Turn off the programs that guard against registry changes and kill the keys I showed above :wink:


(JARO 33) #16

I emptied the TEMP folder in Safe Mode.

I turned off Spy Sweeper and other programs of that kind, deleted the registry entries, restarted the computer, and the entries are there again.

In Safe Mode these entries are not in the registry.


(Gutek) #17

And are you in Safe Mode as yourself or as administrator?