kala
(Kallla)
14 May 2006 22:05
#1
I removed the whole line with Hijack etc., but something still keeps breaking. Maybe I have something else. If anyone finds anything, please tell me what I should remove. Thanks in advance.
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVirenKit\AVKService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVirenKit\AVKWCtl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe C:\Gadu-Gadu\gg.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Gadu-Gadu\gg.exe C:\Documents and Settings\krzysiek\Pulpit\pulpet\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: My Search Bar - 
{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: e-zshopper 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\e-zshopper\BarLcher.dll (file missing) O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM…\Run: [AVK Mail Checker] “C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE” O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [uVS10 Preload] E:\disco polo\uvPL.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU…\Run: [AVKBar] “C:\Program Files\AntiVirenKit\AVKBar.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFTOFFICE\PROGRAM FILES\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program 
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra ‘Tools’ menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.picasa.com/installers/pi … nstall.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl 
Class) - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\System32\hlwin.dll O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
====================================
Note: When you paste a log, wrap it in a CODE or QUOTE tag.
I suggest reading THIS topic to see what is asked of users who paste logs.
Regards, kuz5
Bieniol
(Bbieniol)
14 May 2006 22:12
#2
Turn off System Restore:
Boot into Safe Mode:
Run HijackThis --> do a system scan only and check these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing) O3 - Toolbar: e-zshopper 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\e-zshopper\BarLcher.dll (file missing) O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra ‘Tools’ menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\System32\hlwin.dll
Then click “fix checked” at the bottom.
Manually delete these folders from the disk:
C:\Program Files\e-zshopper
C:\Program Files\MyWay
c:\program files\180searchassistant
Run the KillBox tool, select Delete on reboot, and in the full path of file field paste the path:
C:\WINDOWS\System32\hlwin.dll
C:\winstall.exe
Click X and restart the computer (restart only after removing the last file).
You won't remove the R3 entry with HijackThis - use the Registrar Lite tool for that; the description is HERE
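To check that a "fix checked" pass like the one in post #2 actually took effect, the fix list can be compared against the next HijackThis log. The sketch below is an added example, not part of the original thread or of HijackThis itself; it assumes one entry per line (as HijackThis writes its log file), and the function names and the `PARTIAL` sample are hypothetical.

```python
import re
from dataclasses import dataclass

# HijackThis section codes that occur in this thread, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "extra IE context-menu item", "O9": "extra IE button / Tools item",
    "O12": "IE plugin", "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / domain setting", "O18": "extra protocol or filter handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Entries whose target file no longer exists are registry leftovers.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O4"
    body: str       # text after "CODE - "
    key: str        # normalized form used for comparisons
    orphaned: bool  # True for "(file missing)" / "(no file)"


def normalize(body):
    # The same entry is printed with and without the menu accelerator "&"
    # ("My Search Bar" vs "My &Search Bar") and with varying case.
    return " ".join(body.replace("&", "").lower().split())


def parse_log(text):
    """Return the R*/O* entries of a log; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, body = match.groups()
            key = code + " " + normalize(body)
            entries.append(Entry(code, body, key, bool(ORPHAN_RE.search(body))))
    return entries


def still_present(fix_text, later_log):
    """Entries from the fix list that still show up in a later log."""
    later_keys = {entry.key for entry in parse_log(later_log)}
    return [entry for entry in parse_log(fix_text) if entry.key in later_keys]


# Excerpt of the first log (post #1), one entry per line.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: My Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKCU…\Run: [Windows installer] C:\winstall.exe
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\System32\hlwin.dll
"""

# Excerpt of the entries selected for "fix checked" in post #2.
FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKCU…\Run: [Windows installer] C:\winstall.exe
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\System32\hlwin.dll
"""

# Excerpt of the follow-up log (post #3).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
"""

# Constructed sample (not from the thread): a follow-up log in which one
# fixed entry has come back, as happens when the file behind it survives.
PARTIAL = AFTER + r"""
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\System32\hlwin.dll
"""

if __name__ == "__main__":
    for name, log in (("AFTER", AFTER), ("PARTIAL", PARTIAL)):
        left = still_present(FIX, log)
        print(name, "- entries still present:", len(left))
        for entry in left:
            print("  ", entry.code, SECTIONS.get(entry.code, "?"), "|", entry.body)
```
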
kala
(Kallla)
14 May 2006 23:11
#3
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVirenKit\AVKService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVirenKit\AVKWCtl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Neostrada TP\ComComp.exe C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\krzysiek\Pulpit\pulpet\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx 
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM…\Run: [AVK Mail Checker] “C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE” O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [uVS10 Preload] E:\disco polo\uvPL.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU…\Run: [AVKBar] “C:\Program Files\AntiVirenKit\AVKBar.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFTOFFICE\PROGRAM FILES\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.picasa.com/installers/pi … nstall.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{E9EA2595-FDDB-478C-96DE-627C57DA84AF}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Post merged: 15.05.2006 (Mon) 1:12
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “IncrediMail” = “C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c” [“IncrediMail, Ltd.”] “AVKBar” = ““C:\Program Files\AntiVirenKit\AVKBar.exe”” [“1, 0, 0, 4”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [file not found] “Gadu-Gadu” = ““C:\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe” [null data] “AVK Mail Checker” = ““C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE”” [“G DATA Software AG”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom R&D”] “UVS10 Preload” = “E:\disco polo\uvPL.exe” [“Ulead Systems, Inc.”] “QuickTime Task” = ““C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Repair Registry Pro” = “C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [file not found] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów” -> {HKLM…CLSID} = “Eksplorator pulpitów” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\MICROS~1\PROGRA~1\Office\OLKFSTUB.DLL” [MS] “{32A9D769-5B55-4a25-9A62-86B5683FE50A}” = “NikonView Drop Extension” -> {HKLM…CLSID} = “NikonView Drop Extension” \InProcServer32(Default) = “C:\Program Files\Nikon\NkView6\NkvDropExt.dll” [“Nikon Corporation”] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\System32\upnpui.dll” [MS] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{DBD8E168-244D-448C-9922-25508950D1DC}” = “Ulead UDF Driver” -> {HKLM…CLSID} = “USIShellExt Class” \InProcServer32(Default) = 
“C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll” [“Ulead Systems, Inc.”] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “C:\Program Files\AntiVirenKit\ShellExt.dll” [empty string] IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}” -> {HKLM…CLSID} = “IMMenuShellExt Class” \InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “C:\Program Files\AntiVirenKit\ShellExt.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
kuz5
(Kuz5)
14 May 2006 23:23
#4
The HijackThis logs have no headers; paste a log like this one more time and the topic goes to the trash :?
The HijackThis log is OK.
The Silent log is cut off; wait until the tool informs you that scanning has finished and only then paste the whole log.
kala
(Kallla)
15 May 2006 09:56
#5
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “IncrediMail” = “C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c” [“IncrediMail, Ltd.”] “AVKBar” = ““C:\Program Files\AntiVirenKit\AVKBar.exe”” [“1, 0, 0, 4”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [file not found] “Gadu-Gadu” = ““C:\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe” [null data] “AVK Mail Checker” = ““C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE”” [“G DATA Software AG”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom R&D”] “UVS10 Preload” = “E:\disco polo\uvPL.exe” [“Ulead Systems, Inc.”] “QuickTime Task” = ““C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “Repair Registry Pro” = “C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [file not found] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów” -> {HKLM…CLSID} = “Eksplorator pulpitów” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\MICROS~1\PROGRA~1\Office\OLKFSTUB.DLL” [MS] “{32A9D769-5B55-4a25-9A62-86B5683FE50A}” = “NikonView Drop Extension” -> {HKLM…CLSID} = “NikonView Drop Extension” \InProcServer32(Default) = “C:\Program Files\Nikon\NkView6\NkvDropExt.dll” [“Nikon Corporation”] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\System32\upnpui.dll” [MS] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{DBD8E168-244D-448C-9922-25508950D1DC}” = “Ulead UDF Driver” -> {HKLM…CLSID} = “USIShellExt Class” \InProcServer32(Default) = 
“C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll” [“Ulead Systems, Inc.”] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “C:\Program Files\AntiVirenKit\ShellExt.dll” [empty string] IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}” -> {HKLM…CLSID} = “IMMenuShellExt Class” \InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “C:\Program Files\AntiVirenKit\ShellExt.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ 
“Wallpaper” = “C:\Documents and Settings\krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\H&MSCR~1.SCR” [file not found] Startup items in “krzysiek” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “D:\MICROSOFTOFFICE\PROGRAM FILES\Office\OSA9.EXE -b -l” [MS] “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “NkvMon.exe” -> shortcut to: “C:\Program Files\Nikon\NkView6\NkvMon.exe” [“Nikon Corporation”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}” -> {HKLM…CLSID} = “My &Search Bar” \InProcServer32(Default) = “C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL” [file not found] 
Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {3EA5C408-2437-4C40-ADAC-DFDA9AEEEA96}(Default) = (no title provided) -> {HKLM…CLSID} = “e-zshopper SideBar” \InProcServer32(Default) = “SHDOCVW.DLL” [MS] Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = “My Search Bar Quick View” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): 
------------------------------------------------------------------ AVK Service, AVKService, “C:\Program Files\AntiVirenKit\AVKService.exe” [empty string] NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Odbiornik RIP, Iprip, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\iprip.dll” [MS]} StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Strażnik AVK, AVKWCtl, “C:\Program Files\AntiVirenKit\AVKWCtl.exe” [empty string] Ulead Burning Helper, UleadBurningHelper, “C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe” [“Ulead Systems, Inc.”] Usługi Simple TCP/IP, SimpTcp, “C:\WINDOWS\System32\tcpsvcs.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 185 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 42 seconds. ---------- (total run time: 518 seconds)
Earlier I couldn't post the whole thing because someone/something kept turning my computer off.
kuz5
(Kuz5)
15 May 2006 10:50
#6
OK, now it's fine.
Open Notepad and paste this into it:
File >>> Save as >>> change the file type from TXT to All files >>> save it under the name FIX.REG and run it in Safe Mode
Clean the registry with jv16 PowerTools
Registry options => click “Registry cleaning”, then click “Continue”, then click “Start”; after the program has checked the registry, click Select => Special selection, click “Items that can be safely removed” and finally click “Delete”
kala
(Kallla)
16 May 2006 20:19
#7
I have this jv16 PowerTools and I'm doing everything the way you wrote, but it won't delete!! I click and click and nothing.
Bieniol
(Bbieniol)
17 May 2006 22:11
#12
Clean
Has the situation improved?
kuz5
(Kuz5)
17 May 2006 22:15
#13
Bieniol:
Clean
:shock:
Open Notepad and paste this into it:
File >>> Save as >>> change the file type from TXT to All files >>> save it under the name FIX.REG and run it in Safe Mode
Apart from that it's OK