prosze o spr. loga, problem, znikajace menu strat i ikonki

[roco]

Witam (1 post na forum)

Mam ogromny problem poniewaz jak wlaczam kompa to mi sie jakby odswierzal co chwile (po uruchomieniu systemu )wszystkie ikonki znikaja i pasek menu start. Czasami nawet zniknie i nie pojawi sie (
Nie wiem co to moze byc... Moze wy specjalisci bedziecie wiedziec, aha format to raczej nie wchodzi w gre bo mam na tym systemie prgramy mojej mamy ktore musza dzialac (kasa chorych itp. ) a kazda utrata danych ... wole nie myslec co by sie stalo...

aha, system to win XP prof.

Wiec prosze was o jak najszybsze odpowiedzi bo moja mama potrzebuje tego programu do pracy, a jak komp nie dziala to wiadomo....

Pozdro dla wszystkich forumowiczow !

Macie filmik (nagrany fonem) jak wyglada to w praktyce (niestety format 3gp bo kumpel nie ma konwertera...)

http://www.sendspace.com/file/ucoy0l[/url]

[Rufus]

Po pierwsze daj loga z hijackthis

Kod: Zaznacz wszystko

http://forum.programosy.pl/hijackthis-gtobsuga-i-umieszczanie-loga-vt9452.html

Po drugie masz szczescie ze Red na forum
Po trzeciez fajnie zatytuowales filmik

[roco]

Prosze bardzo loga

Logfile of HijackThis v1.99.1
Scan saved at 20:06:01, on 2006-03-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\explorer.exe
F:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ROBERT~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\windows\admparsel.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\casino.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\windows\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\windows\prflbmsgp32.dll (file missing)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - C:\windows\adsldpbk.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AC425807-4334-41D5-BAB9-15C8F6A7B4C8} - C:\WINDOWS\dkcpsapi.dll (file missing)
O2 - BHO: (no name) - {C69018A8-D27D-4A80-88E7-F8653FBDB214} - C:\windows\System32\jgbm.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\windows\System32\wer5760.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\windows\adsldpbj.dll (file missing)
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSCONF~1.EXE /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\RunServices: [windesktop] C:\windows\System32\windesktop.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\windows\System32\kernels64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [mqcfgn] C:\windows\System32\mqcfgn.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B293E39-972E-4AF6-A763-2461415010AB}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\system32\winstyle3.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\windows\System32\Pllcfbok.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\windows\System32\dcom_14.dll
O21 - SSODL: kzXBwfkxyUi - {C4FB32E9-6E51-9843-D1FB-9522AC139C46} - C:\windows\System32\baee.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

dlaczego mam szczescie ze Red na forum ??
heeh nazwa filmiku... bo sie wkurzyc mozna, rano wlaczalem kompa wszystko bylo looz, a po poludniu cos sie zdupcylo....

aha mam jeszcze sprawe do modow i adminow, mozliwe ze juz kiedys zakaldalem konto na tym forum (nie jestem na 100% pewien, ewentualnego nika tez nie pamietam...) wiec prosze mnie nie banowac...

[Hellfire]

dlaczego mam szczescie ze Red na forum ??

bo Red to spec od bezpieczenstwa w sieci

aha mam jeszcze sprawe do modow i adminow, mozliwe ze juz kiedys zakaldalem konto na tym forum (nie jestem na 100% pewien, ewentualnego nika tez nie pamietam...) wiec prosze mnie nie banowac...

tego mogles nie pisac Regulamin jest nieugiety

[roco]

roco napisał:
aha mam jeszcze sprawe do modow i adminow, mozliwe ze juz kiedys zakaldalem konto na tym forum (nie jestem na 100% pewien, ewentualnego nika tez nie pamietam...) wiec prosze mnie nie banowac...

tego mogles nie pisac Regulamin jest nieugiety

kurde ale ja naprawde nie pamietam... a nie mozna jakos skasowac poprzedniego konta (o ile takowe bylo.... bo jak pisalem 100% pewny nie jestem).

zetor: modowie i tak by sie zczaili jakbym mial zalozone drugie konto bo tosie chyba pojawia jakos ... ile osob pisze z danego IP... <NIE WIEM>

tak czy inaczej przepraszam, probwalem sie logowac na rozne sposoby (loginy jakie mi do glowy przychodzily, bo haslo wszedzie takie same.. i nic)

[SER]

Użyj opcji Zmień i usuń tę treść, której nie chcesz

[roco]

Użyj opcji Zmień i usuń tę treść, której nie chcesz

juz i tak jest jeden cytat i nic nie zmienie

kurcze mam nadzieje ze sie myslilem .....
ale dobra koniec OT, chce w koncu naprawic kompa.. !

licze na wyrozumialosc modow..

[pinger]

zetor: modowie i tak by sie zczaili jakbym mial zalozone drugie konto bo tosie chyba pojawia jakos ... ile osob pisze z danego IP... <NIE WIEM>

Pojawia sie a i o wszem. I nie ma w tym nic dziwnego ze wiele osob psize z jednego IP. W mojej sieci chyba z 50 osob ma ten sam IP zewnetrzny. Wiec poki IPv6 nie jest jeszcze standardem ani norma, sporo osob pozostaje za NAT'em.

Sorka za offtopic.

[roco]

o dzizs. teraz to jak wlaczylem kompa, to wszystko zniknelo i sie juz nie pojawilo... bylo widac tylko moja piekna tapetke, co ciekawe nie dziala kombinacja klawiszy ctr+alt+delete, zeby wylaczyc kompa

Prosze o pomoc ... help Me !!

[jeff]

Prosze o pomoc ...

wstepnie przeskanuj dysk tym i wywal wszystko :

Panda
Kaspersky
mks_vir
CWShredder 2.15
SpyBot - Search & Destroy v1.4 PL
Ad-aware SE Personal 1.06
PestPatrol

i potem wrzuc loga

[roco]

a moge to robic z poziomu innego systemu ??
czy musze na tamtym ?? pojdzie to zainstalowac w trybie awaryjnym??

[jeff]

a moge to robic z poziomu innego systemu ??

mozesz -

pojdzie to zainstalowac w trybie awaryjnym

jezeli bedziesz skanował z innego systemu zainfekowany dysk to mozesz w trybie normalnym gdyz procesy szkodliwe nie bedą uruchomione i Antywir powinien te pliki skasowac. Natomiast jeżeli bedziesz startował z tego samego sysa to rób to w awaryjnym.

[Red]

ile tu ot ......

wylacz przywracanie systemu ,wejdz w tryb awaryjny windowsa f8 i usuwasz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ROBERT~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\windows\admparsel.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\casino.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\windows\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\windows\prflbmsgp32.dll (file missing)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - C:\windows\adsldpbk.dll
O2 - BHO: C:\WINDOWS\system32\winstyle3.dll - {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - C:\WINDOWS\system32\winstyle3.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll (file missing)
O2 - BHO: (no name) - {AC425807-4334-41D5-BAB9-15C8F6A7B4C8} - C:\WINDOWS\dkcpsapi.dll (file missing)
O2 - BHO: (no name) - {C69018A8-D27D-4A80-88E7-F8653FBDB214} - C:\windows\System32\jgbm.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\windows\System32\wer5760.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\windows\adsldpbj.dll (file missing)
O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O4 - HKLM\..\RunServices: [windesktop] C:\windows\System32\windesktop.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\windows\System32\kernels64.exe
O4 - HKCU\..\Run: [mqcfgn] C:\windows\System32\mqcfgn.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\system32\winstyle3.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\windows\System32\Pllcfbok.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\windows\System32\dcom_14.dll
O21 - SSODL: kzXBwfkxyUi - {C4FB32E9-6E51-9843-D1FB-9522AC139C46} - C:\windows\System32\baee.dll

wpisy zaznaczasz w hijacku i naciskasz fix,a to co pogrubilem usuwasz recznie z systemu
po wszystkim dajesz log kontrolnie do sprawdzenia

[roco]

czyli ze mam usunac wszystko to co wkleiles w tagu??
heeh duzo sie tego syfu nazbieralo ....

ok to to zrobilem to co mi kazales...i..... DZIALA!!

mam tylk ojeszcze jeden problemos, jak sprawdzam system ad-aware SE to mi pokazuje 2 wiry Win32.TrojanDownloader i Malware.Psguard. klikam zeby je usunal i nie usuwa, bo jak nastepnym razem robie sprawdzanie to sie zas pokazuje i tak w kolko....

Wielkie dzieki Red...

Logfile of HijackThis v1.99.1
Scan saved at 16:41:52, on 2006-03-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\windows\Explorer.EXE
F:\antywiry\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [winsync] C:\windows\System32\ppakcq.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B293E39-972E-4AF6-A763-2461415010AB}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

Obecny Log ^, moze jeszcze trzeba cos wywalic ??

[Red]

pozostaje jeszcze:

O4 - HKLM\..\Run: [winsync] C:\windows\System32\ppakcq.exe reg_run
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

po pierwsze prosze sciagnac :
http://www.ewido.net/en/download/
zrob update i zeskanuj ,usun wszystko co znajdzie..


oraz daj dodatkowo jeszcze jeden log:
otwierasz link>> http://www.silentrunners.org/Silent%20Runners.vbs >>zapisujesz jako na pulpicie>>klikasz dwa razy >>masz wybor i wybierasz no>>i czekasz troszke az wygeneruje sie cały log do konca
wrzucasz na forum

[roco]

ok
no to tak log z hijackthis nic sie nie zmienil, oprocz tego co wywalilem...
a to drugie to pewnie o to chodzi... zainstalowalem ten prog co dales, wywalilem wszycho co znalazl, ale te dwa wiry i tak ad aware znajduje..., jeden ma TAC 10 a drugi TAC 7, nie wiem...nigdy mi nie komplikowaly zycia...ale jednak sa....

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"mqcfgn" = "C:\windows\System32\mqcfgn.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"tcactive" = "C:\Program Files\The Cleaner\tca.exe" ["MooSoft Development"]
"tcmonitor" = "C:\Program Files\The Cleaner\tcm.exe" ["MooSoft Development"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"Anti-Blaxx Manager" = "C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [null data]
"PestPatrol Control Center" = "C:\PROGRA~1\PESTPA~1\PPControl.exe" [null data]
"PPMemCheck" = "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [null data]
"CookiePatrol" = "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{621D36CC-09F4-44F6-BA4C-C8FBEAA00207}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\windows\adsldpbk.dll" [null data]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
-> {HKLM...CLSID} = "Siemens Device"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
-> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
-> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! st3\DLLName = "C:\WINDOWS\system32\st3.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
mmyqxsns\(Default) = "{6d5a17f5-0f47-44c4-997e-a1f718c81381}"
-> {HKLM...CLSID} = "ooxirfef.class"
\InProcServer32\(Default) = "C:\windows\System32\kkmlw.dll" [file not found]
TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robert-tuner\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\windows\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4B30061A-5B39-11D3-80F8-0090276F843F}\
"ButtonText" = "Net2Phone"
"MenuText" = "Net2Phone"
"Exec" = "http://www.net2phone.com/" [file not found]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {HKLM...CLSID} = "Toolbar Extension for Executable"
\InProcServer32\(Default) = "C:\windows\System32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 176 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 28 seconds.
---------- (total run time: 308 seconds)

[Red]

prosze otworzyc notatnik windowsa i wklej w nim to co ponizej:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"mqcfgn"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{621D36CC-09F4-44F6-BA4C-C8FBEAA00207}=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3]

[-HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\mmyqxsns]

w notatniku >>Plik >> Zapisz jako, zapisz jako typ: wszystkie pliki, nazwa pliku: Fix.reg
Klikasz dwa razy na powstały plik i potwierdzasz.

Restartujesz kompa i raz jeszcze dajesz log do kontroli

[roco]

zrobilem to co mistrz kazal ...
a taki tego wynik ..
win32 zniknal ale malware psguard zostal...

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"tcactive" = "C:\Program Files\The Cleaner\tca.exe" ["MooSoft Development"]
"tcmonitor" = "C:\Program Files\The Cleaner\tcm.exe" ["MooSoft Development"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"Anti-Blaxx Manager" = "C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [null data]
"PestPatrol Control Center" = "C:\PROGRA~1\PESTPA~1\PPControl.exe" [null data]
"PPMemCheck" = "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [null data]
"CookiePatrol" = "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{621D36CC-09F4-44F6-BA4C-C8FBEAA00207}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\windows\adsldpbk.dll" [null data]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
-> {HKLM...CLSID} = "Siemens Device"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
-> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
-> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robert-tuner\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\windows\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4B30061A-5B39-11D3-80F8-0090276F843F}\
"ButtonText" = "Net2Phone"
"MenuText" = "Net2Phone"
"Exec" = "http://www.net2phone.com/" [file not found]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {HKLM...CLSID} = "Toolbar Extension for Executable"
\InProcServer32\(Default) = "C:\windows\System32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 158 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 23 seconds.
---------- (total run time: 283 seconds)

[Red]

ale malware psguard zostal...

prosze jeszcze sciagnac to:
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
i daj mu na wyszukiwanie>>adsldpbk.dll,wynik wklej na forum


psguard jaki program znajduje ci to??

[roco]

znajduje mi go Ad-aware SE personal ...

Skrypt ktory podales znalazl cos takiego

REGEDIT4
; RegSrch.vbs &copy; Bill James

; Registry search results for string "adsldpbk.dll" 2006-03-17 13:54:15

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{621D36CC-09F4-44F6-BA4C-C8FBEAA00207}\InprocServer32]
@="C:\\windows\\adsldpbk.dll"