Sluggish internet


(Chris Kotlowski) #1

I'm new and I would also like to ask for my log to be checked, because lately my internet has become terribly sluggish :frowning: please give simple instructions, because I'm a complete beginner on the subject. :frowning: And here is my log: thanks in advance.

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Spyware Doctor" = ""D:\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (http://www.cmedia.com.tw)"]

"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = "IDM Helper"

-> {CLSID}\InProcServer32(Default) = "D:\program files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager Corp., Tonec Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = "AcroIEHlprObj Class" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = "PCTools Site Guard" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "D:\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = "SSVHelper Class" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = "PCTools Browser Monitor" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "D:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {CLSID}\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32(Default) = "D:\Programy\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32(Default) = "D:\programy\Microsoft Office\Office10\msohev.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"

-> {CLSID}\InProcServer32(Default) = "D:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"

-> {CLSID}\InProcServer32(Default) = "D:\program files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

-> {CLSID}\InProcServer32(Default) = "D:\program files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {CLSID}\InProcServer32(Default) = "D:\program files\iTunesMiniPlayer.dll" [file not found]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AntiVir/Win(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AntiVir/Win(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\KRZYSIEK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 08

%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" [file not found]

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = "My &Web Search" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" [file not found]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21569614-B795-46B1-85F4-E737A8DC09AD}\ = "Shell Search Band" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {CLSID}\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

"ButtonText" = "Spyware Doctor"

"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

-> {CLSID}\InProcServer32(Default) = "D:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

Running Services (Display Name, Service Name, Path {Service DLL}):


AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]

AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

PC Tools Spyware Doctor, SDhelper, "D:\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP2000\Driver = "CNMLM66.DLL" ["CANON INC."]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 40 seconds, including 18 seconds for message boxes)


(Kuz5) #2

Mr. Chris, don't tack your posts onto other people's threads, start your own :?

Split off from another thread

Nothing shows up in the log, it's OK

Maybe it's temporary

Open Notepad and paste this into it:

File >>> Save As >>> Change the extension from TXT to All Files >>> Save it under the name FIX.REG and run it in Safe Mode


(Chris Kotlowski) #3

Thank you for the advice, I will definitely follow it, but please give me a hint on where to change these extensions and what to go into; as I wrote, I am only just starting to get familiar with using a computer. :?


(Kuz5) #4

Start => All Programs => Accessories and launch Notepad, then paste into it:

Click File => Save As => Change the extension from TXT to All Files => Save it under the name FIX.REG



(Chris Kotlowski) #5

Many thanks, a very clear answer :smiley: I did everything according to the instructions.

Regards, thanks.


(Gutek) #6

I will repeat: uninstall Spyware Doctor in Add\Remove