problem z wirusem - virusburst

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 19:55

Ostatni uaktualnil mi sie jakis program, Video ActiveX Object, nie wiedzialem co to bo wyskoczylo mi przy Windows Media Player, myslalem ze to uaktualnienie ale od tamtego czasu mam kolo zegarka ikonke migajacego trojkata z xem
Wklejam logo z HijackThisa:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:41:01, on 2006-12-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\TPSrv.exe d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\LEXPPS.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\nvsvc32.exe D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\UAService7.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Video ActiveX Object\isamonitor.exe D:\Program Files\Video ActiveX Object\pmsngr.exe D:\Program Files\Video ActiveX Object\pmmon.exe D:\Program Files\Video ActiveX Object\isamini.exe D:\WINDOWS\system32\nvraidservice.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\PROGRA~1\NEOSTR~1\taskbaricon.exe D:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\Winamp\winampa.exe D:\WINDOWS\system32\rundll32.exe D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\system32\wbem\unsecapp.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\WinZip\WZQKPICK.EXE D:\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE d:\panda software\panda internet security 2007\WebProxy.exe D:\Panda Software\Panda Internet Security 2007\AVENGINE.EXE C:\Opera\Opera.exe D:\gadu-gadu\gg.exe D:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://-userconfig/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O1 - Hosts: 63.208.197.212 my.hamachi.cc O1 - Hosts: 63.208.197.212 bibi.hamachi.cc O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - D:\Program Files\Video ActiveX Object\isaddon.dll O2 - BHO: (no name) - {1CD88EF8-4751-FD3E-2568-031B80506825} - D:\WINDOWS\system32\htaduwk.dll O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - D:\WINDOWS\system32\apparat.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - D:\WINDOWS\system32\msx.dll (file missing) O2 - BHO: Web Quick - {872ED12E-C4C2-42BB-833A-9B237F275CB3} - D:\WINDOWS\system32\WebQuick.dll (file missing) O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - D:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [MKS_VIR_2006] C:\MKS_VIR_2006\mks2006.exe O4 - HKLM\..\Run: [dvqggq.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\dvqggq.dll,ponohwe O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "D:\Panda Software\Panda Internet Security 2007\Inicio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MailScanner] C:\MKS_VIR_2006\Mks_mail.exe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu-gadu\gg.exe" /tray O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON .lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Skype.lnk = D:\Program Files\Skype\Phone\Skype.exe O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://80.55.74.74/csi_netcam.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - D:\WINDOWS\system32\xxfgmy.dll (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Panda Software\Panda Internet Security 2007\TPSrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

Prosze o szybka odpowiedz i dziekuje z gory

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 19:58

http://www.forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vp319542.html?highlight=#319542
SmitFraudFix z opcji numer 2..instrukcja wyzej :wink:

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 20:51

Po sciagnieciu i rozpakowaniu SmitFraudFixa Panda mowi ze to wirus, co mamz robic?

**Posty:** 18165 · przez **wojtas** 03 Gru 2006, 20:54

co mamz robic?

poprostu przeskanuj tym programem z opcji 2 i potem daj nowe logi

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 20:56

Przeskanuj w trybie awaryjnym-smitfraudfix to nie jest wirus oczywiscie :wink:

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 21:05

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 18:53:53, on 2006-12-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe D:\Panda Software\Panda Internet Security 2007\AVENGINE.EXE D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\TPSrv.exe d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\LEXPPS.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\nvsvc32.exe D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\UAService7.exe D:\Panda Software\Panda Internet Security 2007\apvxdwin.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\nvraidservice.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE d:\panda software\panda internet security 2007\WebProxy.exe D:\WINDOWS\system32\wbem\unsecapp.exe D:\PROGRA~1\NEOSTR~1\taskbaricon.exe D:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\Winamp\winampa.exe D:\WINDOWS\system32\rundll32.exe D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\gadu-gadu\gg.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\WinZip\WZQKPICK.EXE C:\Opera\Opera.exe D:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://-userconfig/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O1 - Hosts: 63.208.197.212 my.hamachi.cc O1 - Hosts: 63.208.197.212 bibi.hamachi.cc O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET O2 - BHO: (no name) - {1CD88EF8-4751-FD3E-2568-031B80506825} - D:\WINDOWS\system32\htaduwk.dll O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - D:\WINDOWS\system32\apparat.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - D:\WINDOWS\system32\msx.dll (file missing) O2 - BHO: Web Quick - {872ED12E-C4C2-42BB-833A-9B237F275CB3} - D:\WINDOWS\system32\WebQuick.dll (file missing) O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [MKS_VIR_2006] C:\MKS_VIR_2006\mks2006.exe O4 - HKLM\..\Run: [dvqggq.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\dvqggq.dll,ponohwe O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "D:\Panda Software\Panda Internet Security 2007\Inicio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MailScanner] C:\MKS_VIR_2006\Mks_mail.exe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu-gadu\gg.exe" /tray O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON .lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Skype.lnk = D:\Program Files\Skype\Phone\Skype.exe O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://80.55.74.74/csi_netcam.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Panda Software\Panda Internet Security 2007\TPSrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

To sa nowe logi, mam nadzieje ze jest juz lepiej, bo jak narazie nic sie nie pojawilo

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 21:32

Usuwasz w trybie awaryjnym z wyłączonym przywracaniem systemu

O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O2 - BHO: (no name) - {1CD88EF8-4751-FD3E-2568-031B80506825} - D:\WINDOWS\system32\htaduwk.dll
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - D:\WINDOWS\system32\apparat.dll (file missing)
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - D:\WINDOWS\system32\msx.dll (file missing)
O2 - BHO: Web Quick - {872ED12E-C4C2-42BB-833A-9B237F275CB3} - D:\WINDOWS\system32\WebQuick.dll (file missing)
O4 - HKLM\..\Run: [dvqggq.dll] D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\dvqggq.dll,ponohwe

Wpisy fixujesz w hijackthis,pogrubione pliki usuwasz recznie z dysku
Po tym nowe logi :wink:

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 21:35

Aqui napisał(a): fixujesz

Co to znaczy?

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 21:41

Zaznaczasz i klikasz fix checked :wink:

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 21:45

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 19:34:30, on 2006-12-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe D:\WINDOWS\system32\svchost.exe D:\Panda Software\Panda Internet Security 2007\TPSrv.exe d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\LEXPPS.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\nvsvc32.exe D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\UAService7.exe D:\Panda Software\Panda Internet Security 2007\apvxdwin.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\nvraidservice.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE d:\panda software\panda internet security 2007\WebProxy.exe D:\WINDOWS\system32\wbem\unsecapp.exe D:\PROGRA~1\NEOSTR~1\taskbaricon.exe D:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\Winamp\winampa.exe D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\gadu-gadu\gg.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\WinZip\WZQKPICK.EXE C:\Opera\Opera.exe D:\Panda Software\Panda Internet Security 2007\AVENGINE.EXE D:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://-userconfig/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O1 - Hosts: 63.208.197.212 my.hamachi.cc O1 - Hosts: 63.208.197.212 bibi.hamachi.cc O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [MKS_VIR_2006] C:\MKS_VIR_2006\mks2006.exe O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "D:\Panda Software\Panda Internet Security 2007\Inicio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MailScanner] C:\MKS_VIR_2006\Mks_mail.exe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu-gadu\gg.exe" /tray O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON .lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Skype.lnk = D:\Program Files\Skype\Phone\Skype.exe O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://80.55.74.74/csi_netcam.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Panda Software\Panda Internet Security 2007\TPSrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

Zrobilem jak kazales, mam nadzieje ze dobrze

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 21:52

Jest czysto,daj jeszcze silentrunners
Jak komputer??

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 21:58

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS] "MailScanner" = "C:\MKS_VIR_2006\Mks_mail.exe" [file not found] "Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Gadu-Gadu" = ""D:\gadu-gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NVRaidService" = "D:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"] "NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string] "WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\taskbaricon.exe" ["France Télécom R&D"] "TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "CloneCDTray" = ""D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data] "MKS_VIR_2006" = "C:\MKS_VIR_2006\mks2006.exe" [file not found] "APVXDWIN" = ""D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"] "SCANINICIO" = ""D:\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"] "SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] {A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch2 Class" \InProcServer32\(Default) = "D:\FlashGet\jccatch.dll" ["Amaze Soft"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" [file not found] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{0D6D4F41-2994-4ba0-8FEF-620E43CD2812}" = "IE Microsoft Internet Toolbar" -> {HKLM...CLSID} = "IE Microsoft Internet Toolbar" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}" = "Explorer Travel Band" -> {HKLM...CLSID} = "Explorer Travel Band" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}" = "Explorer Search Band" -> {HKLM...CLSID} = "Explorer Search Band" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{DE011590-0531-4804-9C9C-3FEDC7E6E5C8}" = "IE &Address" -> {HKLM...CLSID} = "IE &Address" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{7E48925F-FF5C-47fa-A99A-F5912A10623B}" = "IE Address EditBox" -> {HKLM...CLSID} = "IE Address EditBox" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{482A7CB3-2EDF-4595-A315-A5244F1E96E6}" = "IE Search Control" -> {HKLM...CLSID} = "IE Search Control" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> avldr\DLLName = "avldr.dll" ["Panda Software"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableTaskMgr" = (REG_SZ) 1 {Remove Task Manager} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Documents and Settings\AP9\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "AP9" & "All Users" startup folders: ----------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "DSLMON " -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -f" [empty string] "Skype" -> shortcut to: "D:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."] "WinZip Quick Pick" -> shortcut to: "D:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "At1" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At2" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At4" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At5" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At6" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "Symantec NetDetect" -> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: d:\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 31 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 30 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {HKLM...CLSID} = "FlashGet Bar" \InProcServer32\(Default) = "D:\FlashGet\fgiebar.dll" ["Amaze Soft"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "D:\FlashGet\flashget.exe" ["Amaze Soft"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string] HOSTS file ---------- D:\WINDOWS\System32\drivers\etc\HOSTS maps: 438 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Panda anti-virus service, PAVSRV, ""D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"] Panda Antispam Engine, pmshellsrv, "D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"] Panda Function Service, PAVFNSVR, ""D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"] Panda IManager Service, PSIMSVC, ""D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"] Panda Network Manager, PNMSRV, ""d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"] Panda Process Protection Service, PavPrSrv, ""D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"] Panda TPSrv, TPSrv, ""D:\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"] SecuROM User Access Service (V7), UserAccess7, "D:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."] Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 69 seconds, including 5 seconds for message boxes)

Chyba o to ci ci chodzilo, a komputer chodzi dobrze i nic sie nie pojawia, chyba pomoglo

[ Dodano: Dzisiaj o 20:37 ]

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS] "MailScanner" = "C:\MKS_VIR_2006\Mks_mail.exe" [file not found] "Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Gadu-Gadu" = ""D:\gadu-gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NVRaidService" = "D:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"] "NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string] "WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\taskbaricon.exe" ["France Télécom R&D"] "TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "CloneCDTray" = ""D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data] "MKS_VIR_2006" = "C:\MKS_VIR_2006\mks2006.exe" [file not found] "APVXDWIN" = ""D:\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"] "SCANINICIO" = ""D:\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"] "SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] {A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch2 Class" \InProcServer32\(Default) = "D:\FlashGet\jccatch.dll" ["Amaze Soft"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" [file not found] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{0D6D4F41-2994-4ba0-8FEF-620E43CD2812}" = "IE Microsoft Internet Toolbar" -> {HKLM...CLSID} = "IE Microsoft Internet Toolbar" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}" = "Explorer Travel Band" -> {HKLM...CLSID} = "Explorer Travel Band" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}" = "Explorer Search Band" -> {HKLM...CLSID} = "Explorer Search Band" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{DE011590-0531-4804-9C9C-3FEDC7E6E5C8}" = "IE &Address" -> {HKLM...CLSID} = "IE &Address" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{7E48925F-FF5C-47fa-A99A-F5912A10623B}" = "IE Address EditBox" -> {HKLM...CLSID} = "IE Address EditBox" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{482A7CB3-2EDF-4595-A315-A5244F1E96E6}" = "IE Search Control" -> {HKLM...CLSID} = "IE Search Control" \InProcServer32\(Default) = "D:\WINDOWS\system32\ieframe.dll" [MS] "{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> avldr\DLLName = "avldr.dll" ["Panda Software"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" \InProcServer32\(Default) = "D:\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableTaskMgr" = (REG_SZ) 1 {Remove Task Manager} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Documents and Settings\AP9\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "AP9" & "All Users" startup folders: ----------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "DSLMON " -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -f" [empty string] "Skype" -> shortcut to: "D:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."] "WinZip Quick Pick" -> shortcut to: "D:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "At1" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At2" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At4" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At5" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "At6" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"] "Symantec NetDetect" -> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: d:\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 31 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 30 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {HKLM...CLSID} = "FlashGet Bar" \InProcServer32\(Default) = "D:\FlashGet\fgiebar.dll" ["Amaze Soft"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "D:\FlashGet\flashget.exe" ["Amaze Soft"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string] HOSTS file ---------- D:\WINDOWS\System32\drivers\etc\HOSTS maps: 438 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Panda anti-virus service, PAVSRV, ""D:\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"] Panda Antispam Engine, pmshellsrv, "D:\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"] Panda Function Service, PAVFNSVR, ""D:\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"] Panda IManager Service, PSIMSVC, ""D:\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"] Panda Network Manager, PNMSRV, ""d:\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"] Panda Process Protection Service, PavPrSrv, ""D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"] Panda TPSrv, TPSrv, ""D:\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"] SecuROM User Access Service (V7), UserAccess7, "D:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."] Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 69 seconds, including 5 seconds for message boxes)

Chyba o to ci ci chodzilo, a komputer chodzi dobrze i nic sie nie pojawia, chyba pomoglo

**Posty:** 935 · przez **Aqui** 03 Gru 2006, 22:35

Start==>panel sterowania==>harmonogram zadan i wyrzuc

"At1" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At2" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At4" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At5" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At6" -> launches: "D:\DOCUME~1\Dawid\MOJEDO~1\Look2Me-Destroyer.exe /task" ["Atribune.org"]

Pozatym jest ok :wink:

Autor postu otrzymał pochwałę

**Posty:** 13 · przez **Earthquake** 03 Gru 2006, 22:42

Dzieki wielkie, masz u mnie wielkiego +

problem z wirusem - virusburst

problem z wirusem - virusburst

Kto jest na forum