Please check this log...

IP: *.adsl.inetia.pl 14.07.06, 10:51
Logfile of HijackThis v1.99.1
Scan saved at 10:03:23, on 2006-07-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DriveCrypt\DcrServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Sebek\Net24\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\DriveCrypt\DriveCrypt.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Documents and Settings\ppp\Pulpit\HiJackThis\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDaemOVu3Ev6cluk8SM3xqbyKMoe9Pp+/ZzGzMQOEFQz26
pp2Reg9zgFdZmZoRPbWdOj5PsosFwlAIQWWpVqTj0ipPO5HJvHBx83PHIvwPbXKW7YPEW5vVKRqe9a
gdbu2n6tHO9buMHZL62jGMQhG0aSSY8s0ZrbDi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 84.19.177.27:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {CFE71706-52E7-9900-DA2D-5AC811572BF8} -
StatusCheck.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} -
C:\Program Files\Dealio\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} -
C:\WINDOWS\system32\safeie.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program
Files\Starware\bin\Starware.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program
Files\Dealio\Dealio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program
Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program
Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Sebek\Net24
\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program
Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9
\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9
\bdswitch.exe"
O4 - HKLM\..\Run: [dmqdq.exe] C:\WINDOWS\system32\dmqdq.exe
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O4 - HKCU\..\Run: [DriveCrypt Startup] C:\Program
Files\DriveCrypt\DriveCrypt.exe /WS
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta -
C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program
Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program
Files\WellGet\nxcatch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} -
C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} -
C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file
missing)
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner -
C:\Program Files\DriveCrypt\DcrServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32
\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Servi
    • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 11:35
      Use:
      downloads.subratam.org/Fixwareout.exe
      Paste the removal log on the forum.

      In HJT, remove:
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      as.starware.com/dp/search?
      x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDaemOVu3Ev6cluk8SM3xqbyKMoe9Pp+/ZzGzMQOEFQz26
      pp2Reg9zgFdZmZoRPbWdOj5PsosFwlAIQWWpVqTj0ipPO5HJvHBx83PHIvwPbXKW7YPEW5vVKRqe9a
      gdbu2n6tHO9buMHZL62jGMQhG0aSSY8s0ZrbDi
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - URLSearchHook: (no name) - {CFE71706-52E7-9900-DA2D-5AC811572BF8} -
      StatusCheck.dll (file missing)
      O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
      Files\NewDotNet\newdotnet7_22.dll <- uninstall newdotnet and delete the directory.
      O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} -
      C:\Program Files\Dealio\Dealio.dll <- delete the Dealio directory from the disk.
      O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program
      Files\Starware\bin\Starware.dll <- delete the Starware directory from the disk.
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- uninstall.
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program
      Files\Dealio\Dealio.dll
      O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program
      Files\Starware\bin\Starware.dll
      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
      \NEWDOT~2.DLL,ClientStartup -s
      O4 - HKLM\..\Run: [dmqdq.exe] C:\WINDOWS\system32\dmqdq.exe <- delete the file
      from the disk.
      O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"


      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program
      Files\Dealio\res\DealioSearch.html





      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} -
      C:\Program Files\Dealio\Dealio.dll
      O10 - Hijacked Internet access by New.Net <- use lspfix and remove newdotnet
      in it; the description is in the pinned post.
      O17 - HKLM\System\CCS\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
      2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
      O17 - HKLM\System\CS1\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
      2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
      O17 - HKLM\System\CS2\Services\Tcpip\..\{57C7D026-E140-4A3C-A3F1-
      2AADE94B5478}: NameServer = 85.255.116.105,85.255.112.63
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

      It didn't fit; append the rest starting from:
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\system32\nvsvc32.exe
      O23 - Servi

      Also scan the system with ewido.
      • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 14:10
        ok, after removal...

        Logfile of HijackThis v1.99.1
        Scan saved at 13:39:40, on 2006-07-13
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\DriveCrypt\DcrServ.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
        C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
        C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
        E:\Sebek\Net24\Dragdiag.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Softwin\BitDefender9\bdnagent.exe
        C:\Program Files\Softwin\BitDefender9\bdswitch.exe
        C:\Program Files\DriveCrypt\DriveCrypt.exe
        C:\Program Files\Softwin\BitDefender9\vsserv.exe
        C:\Documents and Settings\ppp\Pulpit\AutoClicker V3[1].1.1.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\WellGet\WellGet.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\totalcmd\TOTALCMD.EXE
        C:\Documents and Settings\ppp\Pulpit\Zużytki ;)\HiJackThis\hijackthis.exe

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = 84.19.177.27:80
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
        Files\Java\jre1.5.0_06\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar1.dll
        O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} -
        C:\WINDOWS\system32\safeie.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar1.dll
        O4 - HKCU\..\Run: [DriveCrypt Startup] C:\Program
        Files\DriveCrypt\DriveCrypt.exe /WS
        O8 - Extra context menu item: &Google Search - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta -
        C:\Program Files\WellGet\nxall.htm
        O8 - Extra context menu item: Backward Links - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://C:\Program
        Files\Google\GoogleToolbar1.dll/cmtrans.html
        O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program
        Files\WellGet\nxcatch.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} -
        C:\Program Files\WellGet\WellGet.exe
        O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
        C:\Program Files\IrfanView\Ebay\Ebay.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Hijacked Internet access by New.Net
        O10 - Hijacked Internet access by New.Net
        O10 - Hijacked Internet access by New.Net
        O10 - Hijacked Internet access by New.Net
        O10 - Hijacked Internet access by New.Net
        O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
        toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A0977559-F2D5-4765-879E-72539A5E9C34}:
        NameServer = 85.255.116.105 85.255.112.63
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file
        missing)
        O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner -
        C:\Program Files\DriveCrypt\DcrServ.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
        Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32
        \IDriverT.exe
        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner -
        C:\Program Files\Common Files\Softwin\BitDefender Update
        Service\livesrv.exe" /service (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
        Software - C:\Program Files\Alcohol Soft\Alcohol 120
        \StarWind\StarWindService.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software,
        Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
        Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
        O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
        (file missing)

        • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 14:15
          Where is the fixwareout log I asked for?

          O10 - Hijacked Internet access by New.Net <- why didn't you use lspfix as I
          wrote?

          Why do you still have the fake DNS servers that you were supposed to remove:
          O17 - HKLM\System\CCS\Services\Tcpip\..\{A0977559-F2D5-4765-879E-72539A5E9C34}:
          NameServer = 85.255.116.105 85.255.112.63
          • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 18:46
            I don't really know how to use it; it says to do a restart, and that's all?
            • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 18:53
              After the reboot a scan starts and you have to wait; when it finishes, a log
              is created on C:\, whose contents you paste on the forum.
    • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 20:05
      ok, here is the log...

      Fixwareout ver 1.003
      Last edited 07/1/2006
      Post this report in the forums please

      Reg Entries that were deleted
      ...

      Random Runs removed from HKLM
      ...

      PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS
      LEAVE THEM ALONE.
      Example ipsec6.exe is legitimate

      »»»»» Search by size and names...

      »»»»» Misc files

      »»»»» Checking for older varients covered by the Rem3 tool

      »»»»»
      Search five digit cs, dm and jb files
      This WILL/CAN also list Legit Files, Submit them at Virustotal
      C:\WINDOWS\SYSTEM32\DMGMF.EXE 44 080 2004-08-04
      Other suspects
      Directory of C:\WINDOWS\system32
      • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 20:08
        Why didn't you delete the file C:\WINDOWS\system32\dmqdq.exe?
        • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 20:27
          it's not there... there is dmgfm.exe, there is no dmqdq.exe
          • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 20:43
            I deleted dmgmf.exe, what next?
            • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 21:28
              Download it, run it, and paste the log that gets created:
              www.silentrunners.org/Silent%20Runners.vbs
              • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 14.07.06, 21:40
                "Silent Runners.vbs", revision 46, www.silentrunners.org/
                Operating System: Windows XP SP2
                Output limited to non-default values, except where indicated by "{++}"


                Startup items buried in registry:
                ---------------------------------

                HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                "DriveCrypt Startup" = "C:\Program Files\DriveCrypt\DriveCrypt.exe /WS"
                ["Secustar"]

                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
                -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
                7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
                {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
                -> {HKLM...CLSID} = "SSVHelper Class"
                \InProcServer32\(Default) = "C:\Program
                Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
                {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
                -> {HKLM...CLSID} = "Google Toolbar Helper"
                \InProcServer32\(Default) = "c:\program
                files\google\googletoolbar1.dll" ["Google Inc."]
                {B5D4581D-ED6A-4905-A267-25BAF7BE79C1}\(Default) = (no title provided)
                -> {HKLM...CLSID} = "FiltrateIE Class"
                \InProcServer32\(Default) = "C:\WINDOWS\system32\safeie.dll"
                [empty string]

                HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                wyświetlania"
                -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                \InProcServer32\(Default) = "deskpan.dll" [file not found]
                • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 14.07.06, 22:09
                  Paste the whole thing, not a piece.
                  • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 15.07.06, 00:07
                    ok, here it is

                    "Silent Runners.vbs", revision 46, www.silentrunners.org/
                    Operating System: Windows XP SP2
                    Output limited to non-default values, except where indicated by "{++}"


                    Startup items buried in registry:
                    ---------------------------------

                    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                    "DriveCrypt Startup" = "C:\Program Files\DriveCrypt\DriveCrypt.exe /WS"
                    ["Secustar"]

                    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
                    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
                    7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
                    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
                    -> {HKLM...CLSID} = "SSVHelper Class"
                    \InProcServer32\(Default) = "C:\Program
                    Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
                    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
                    -> {HKLM...CLSID} = "Google Toolbar Helper"
                    \InProcServer32\(Default) = "c:\program
                    files\google\googletoolbar1.dll" ["Google Inc."]
                    {B5D4581D-ED6A-4905-A267-25BAF7BE79C1}\(Default) = (no title provided)
                    -> {HKLM...CLSID} = "FiltrateIE Class"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32\safeie.dll"
                    [empty string]

                    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                    wyświetlania"
                    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                    \InProcServer32\(Default) = "deskpan.dll" [file not found]
                    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \hticons.dll" ["Hilgraeve, Inc."]
                    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                    -> {HKLM...CLSID} = "WinRAR"
                    \InProcServer32\(Default) = "C:\Program
                    Files\WinRAR\rarext.dll" [null data]
                    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
                    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                    \InProcServer32\(Default) = "C:\Program Files\Common
                    Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
                    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
                    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                    \InProcServer32\(Default) = "C:\Program Files\Common
                    Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
                    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
                    -> {HKLM...CLSID} = "AlcoholShellEx"
                    \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1
                    \AXShlEx.dll" ["Alcohol Soft Development Team"]
                    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
                    -> {HKLM...CLSID} = "Portable Media Devices"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \Audiodev.dll" [MS]
                    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
                    -> {HKLM...CLSID} = "Portable Media Devices Menu"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \Audiodev.dll" [MS]
                    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu
                    Integration"
                    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1
                    \SSCtxMnu.dll" ["Webroot Software, Inc."]
                    "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
                    -> {HKLM...CLSID} = "BDMenu Class"
                    \InProcServer32\(Default) = "C:\Program
                    Files\Softwin\BitDefender9\bdshelxt.dll" [null data]
                    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
                    -> {HKLM...CLSID} = "Shell Search Band"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \browseui.dll" [MS]
                    "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
                    -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
                    \Trshlex.dll" [file not found]
                    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
                    -> {HKLM...CLSID} = "DesktopContext Class"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
                    ["NVIDIA Corporation"]
                    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
                    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
                    ["NVIDIA Corporation"]
                    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
                    -> {HKLM...CLSID} = "Desktop Explorer"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \nvshell.dll" ["NVIDIA Corporation"]
                    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
                    -> {HKLM...CLSID} = (no title provided)
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \nvshell.dll" ["NVIDIA Corporation"]
                    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
                    -> {HKLM...CLSID} = "nView Desktop Context Menu"
                    \InProcServer32\(Default) = "C:\WINDOWS\system32
                    \nvshell.dll" ["NVIDIA Corporation"]
                    "{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"
                    -> {HKLM...CLSID} = "BestCrypt Shell Extension"
                    \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
                    INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
                    "System" = (value not set)

                    HKLM\System\CurrentControlSet\Control\Session Manager\
                    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e"
                    [file not found], [MS], [file not found], [file not found], [file not found]

                    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
                    INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

                    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
                    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default)
                    = "NeroDigitalExt.NeroDigitalColumnHandler"
                    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                    \InProcServer32\(Default) = "C:\Program Files\Common
                    Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
                    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
                    -> {HKLM...CLSID} = "PDF Shell Extension"
                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
                    7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

                    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                    BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"
                    -> {HKLM...CLSID} = "BestCrypt Shell Extension"
                    \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
                    MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}"
                    -> {HKLM...CLSID} = "MyPicturesContextMenu Class"
                    \InProcServer32\(Default) = "C:\Program
                    Files\MyPictures3D\Bin\MyPicContext.dll" ["TODO: <Company name>"]
                    Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
                    -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                    \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
                    \Trshlex.dll" [file not found]
                    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                    -> {HKLM...CLSID} = "WinRAR"
                    \InProcServer32\(Default) = "C:\Program
                    Files\WinRAR\rarext.dll" [null data]

                    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                    MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}"
                    -> {HKLM...CLSID} = "MyPicturesContextMenu Class"
                    • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 15.07.06, 00:31
                      It's not there; the forum has a length limit, paste the rest in a second post.

                      Run regedit, go to:
                      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                      and delete there:
                      "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

                      In HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                      delete:
                      Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

                      Paste the rest starting from:
                      HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                      MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}"
                      -> {HKLM...CLSID} = "MyPicturesContextMenu Class"
                      • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 15.07.06, 01:29
                        MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}"
                        -> {HKLM...CLSID} = "MyPicturesContextMenu Class"
                        \InProcServer32\(Default) = "C:\Program
                        Files\MyPictures3D\Bin\MyPicContext.dll" ["TODO: <Company name>"]
                        Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
                        -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                        \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
                        \Trshlex.dll" [file not found]
                        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                        -> {HKLM...CLSID} = "WinRAR"
                        \InProcServer32\(Default) = "C:\Program
                        Files\WinRAR\rarext.dll" [null data]

                        HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                        MyPictures3D\(Default) = "{AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F}"
                        -> {HKLM...CLSID} = "MyPicturesContextMenu Class"
                        \InProcServer32\(Default) = "C:\Program
                        Files\MyPictures3D\Bin\MyPicContext.dll" ["TODO: <Company name>"]
                        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                        -> {HKLM...CLSID} = "WinRAR"
                        \InProcServer32\(Default) = "C:\Program
                        Files\WinRAR\rarext.dll" [null data]

                        HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
                        BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"
                        -> {HKLM...CLSID} = "BestCrypt Shell Extension"
                        \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
                        BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
                        -> {HKLM...CLSID} = "BDMenu Class"
                        \InProcServer32\(Default) = "C:\Program
                        Files\Softwin\BitDefender9\bdshelxt.dll" [null data]
                        SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
                        -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                        \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1
                        \SSCtxMnu.dll" ["Webroot Software, Inc."]
                        Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
                        -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                        \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
                        \Trshlex.dll" [file not found]
                        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                        -> {HKLM...CLSID} = "WinRAR"
                        \InProcServer32\(Default) = "C:\Program
                        Files\WinRAR\rarext.dll" [null data]


                        Active Desktop and Wallpaper:
                        -----------------------------

                        Active Desktop is disabled at this entry:
                        HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

                        HKCU\Control Panel\Desktop\
                        "Wallpaper" = "C:\Documents and Settings\ppp\Ustawienia lokalne\Dane
                        aplikacji\Microsoft\Wallpaper1.bmp"


                        Enabled Screen Saver:
                        ---------------------

                        HKCU\Control Panel\Desktop\
                        "SCRNSAVE.EXE" = "C:\WINDOWS\system32\PL15F2~1.SCR" (Planet Pluto 3D
                        Screensaver.scr) [null data]


                        Winsock2 Service Provider DLLs:
                        -------------------------------

                        Namespace Service Providers

                        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
                        \Catalog_Entries\ {++}
                        000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                        000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
                        000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                        000000000004\LibraryPath = "C:\Program Files\NewDotNet\newdotnet7_22.dll"
                        ["New.net, Inc."]

                        Transport Service Providers

                        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
                        \Catalog_Entries\ {++}
                        0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                        C:\Program Files\NewDotNet\newdotnet7_22.dll ["New.net, Inc."], 01 - 02, 14 - 15
                        %SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 13
                        %SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07


                        Toolbars, Explorer Bars, Extensions:
                        ------------------------------------

                        Toolbars

                        HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
                        "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
                        -> {HKLM...CLSID} = "&Google"
                        \InProcServer32\(Default) = "c:\program
                        files\google\googletoolbar1.dll" ["Google Inc."]

                        HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
                        "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
                        -> {HKLM...CLSID} = "&Google"
                        \InProcServer32\(Default) = "c:\program
                        files\google\googletoolbar1.dll" ["Google Inc."]
                        "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
                        -> {HKLM...CLSID} = "Yahoo! Toolbar"
                        \InProcServer32\(Default) = "C:\Program Files\Yahoo!
                        \Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
                        "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
                        -> {HKLM...CLSID} = "Dealio"
                        \InProcServer32\(Default) = "C:\Program
                        Files\Dealio\Dealio.dll" ["Vendio Services, Inc."]
                        "{4D5C8C2A-D075-11D0-B416-00C04FB90376}"
                        -> {HKLM...CLSID} = "Pasek poleceń Microsoft"
                        \InProcServer32\(Default) = "C:\WINDOWS\system32
                        \browseui.dll" [MS]

                        HKLM\Software\Microsoft\Internet Explorer\Toolbar\
                        "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
                        -> {HKLM...CLSID} = "&Google"
                        \InProcServer32\(Default) = "c:\program
                        files\google\googletoolbar1.dll" ["Google Inc."]

                        Explorer Bars

                        HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
                        {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
                        -> {HKLM...CLSID} = "Shell Search Band"
                        \InProcServer32\(Default) = "C:\WINDOWS\system32
                        \browseui.dll" [MS]

                        HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
                        {5C4C24D0-28B6-4B6B-B70F-E09848367F10}\(Default) = (no title provided)
                        -> {HKLM...CLSID} = "Dealio"
                        \InProcServer32\(Default) = "C:\Program
                        Files\Dealio\Dealio.dll" ["Vendio Services, Inc."]

                        Extensions (Tools menu items, main toolbar menu buttons)

                        HKLM\Software\Microsoft\Internet Explorer\Extensions\
                        {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
                        "MenuText" = "Sun Java Console"
                        "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
                        -> {HKCU...CLSID} = "Java Plug-in"
                        \InProcServer32\(Default) = "C:\Program
                        Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
                        -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                        \InProcServer32\(Default) = "C:\Program
                        Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

                        {35980F6E-A258-4E50-953D-813BB8556899}\
                        "ButtonText" = "WellGet"
                        "Exec" = "C:\Program Files\WellGet\WellGet.exe" [empty string]

                        {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
                        "ButtonText" = "eBay - Homepage"
                        "CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
                        -> {HKLM...CLSID} = "Toolbar Extension for Executable"
                        \InProcServer32\(Default) = "C:\WINDOWS\system32
                        \shdocvw.dll" [MS]
                        "Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]

                        {FB5F1910-F110-11D2-BB9E-00C04F795683}\
                        "ButtonText" = "Messenger"
                        "MenuText" = "Windows Messenger"
                        "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


                        Running Services (Display Name, Service Name, Path {Service DLL}):
                        ------------------------------------------------------------------

                        BitDefender Communicator, XCOMM, ""C:\Program Files\Common
                        Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
                        BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common
                        Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN
                        S.R.L."]
                        BitDefender Scan Server, bdss, ""C:\Program Files\Common
                        Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
                        BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender9
                        \vsserv.exe" /service" ["SOFTWIN S.R.L."]
                        DriveCrypt Service, DriveCryptService, "C:\Program
                        Files\DriveCrypt\DcrServ.exe" [null data]
                        NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe"
                        ["NVIDIA Corporation"]
                        StarWind iSCSI Service, StarWindService, "C:\Progr
                        • Guest: lol Re: Please check this log... IP: *.adsl.inetia.pl 15.07.06, 09:58
                          and the next part


                          StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol
                          120\StarWind\StarWindService.exe" ["Rocket Division Software"]
                          Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead
                          Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
                          Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy
                          Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
                          Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


                          Print Monitors:
                          ---------------

                          HKLM\System\CurrentControlSet\Control\Print\Monitors\
                          hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]


                          ----------
                          + This report excludes default entries except where indicated.
                          + To see *everywhere* the script checks and *everything* it finds,
                          launch it from a command prompt or a shortcut with the -all parameter.
                          + To search all directories of local fixed drives for DESKTOP.INI
                          DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
                          use the -supp parameter or answer "No" at the first message box.
                          --------
                        • Guest: Kolobos Re: Please check this log... IP: *.warszawa.sdi.tpnet.pl 15.07.06, 12:27
                          In HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ delete:
                          {5C4C24D0-28B6-4B6B-B70F-E09848367F10}\(Default) = (no title provided)

                          In HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
                          "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
                          and:
                          "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"

                          In HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ delete:
                          Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

                          That's all.
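The Trojan Remover handler that the replies above say to delete is tagged `[file not found]` in the report. The following is an added example, not code from the thread, that rejoins the forum's wrapped lines and lists every shell-extension handler carrying that tag; the function names and the re-wrapping heuristic are assumptions, and the sample lines are taken from the report quoted in this thread.

```python
import re
# Constructed sample: lines from the report quoted in this thread, hard wraps kept.
SAMPLE = r'''
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"
-> {HKLM...CLSID} = "BestCrypt Shell Extension"
\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
\Trshlex.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program
Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1
\Trshlex.dll" [file not found]
'''

KEY_RE = re.compile(r'^(HKLM|HKCU)\\.*\\$')
ENTRY_RE = re.compile(r'^(?P<name>[^\\].*?)\\\(Default\) = "(?P<clsid>\{[0-9A-Fa-f-]{36}\})"$')
SERVER_RE = re.compile(r'^\\InProcServer32\\\(Default\) = "(?P<path>.*)" \[(?P<tag>.*)\]$')

def unwrap(lines):
    """Rejoin values that were wrapped mid-string (odd number of double quotes)."""
    out, buf = [], ""
    for line in (l.strip() for l in lines):
        # Assumed heuristic: a wrap at a backslash lost nothing, a wrap at a space ate it.
        buf = line if not buf else buf + (line if line.startswith("\\") else " " + line)
        if buf.count('"') % 2 == 0:  # all quotes closed: logical line complete
            if buf:
                out.append(buf)
            buf = ""
    return out

def orphaned_handlers(report):
    """Return (registry key, handler name, CLSID, DLL path) for handlers whose DLL is missing."""
    key = name = clsid = None
    hits = []
    for line in unwrap(report.splitlines()):
        if KEY_RE.match(line):
            key = line
        elif (m := ENTRY_RE.match(line)):
            name, clsid = m["name"], m["clsid"]
        elif (m := SERVER_RE.match(line)) and m["tag"] == "file not found":
            hits.append((key, name, clsid, m["path"]))
    return hits

for hit in orphaned_handlers(SAMPLE):
    print(hit)
```

Entries tagged `[null data]` or with a vendor name are not flagged; the toolbar and Explorer Bar entries named in the reply are a separate judgement that this script does not make.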
                          • Guest: depresyjka4 Kolobos IP: *.toya.net.pl 15.07.06, 12:41
                            where did you learn this?
                            • Guest: Kolobos Re: Kolobos IP: *.warszawa.sdi.tpnet.pl 15.07.06, 14:04
                              On Google :P
                              • Guest: lol Re: Kolobos IP: *.adsl.inetia.pl 15.07.06, 15:13
                                Kolobos, may I ask you for your gg number?
                                • Guest: depresyjka4 Re: Kolobos IP: *.toya.net.pl 15.07.06, 15:25
                                  and may I ask for your e-mail? :)
                                  • kolobos Re: Kolobos 15.07.06, 15:40
                                    My e-mail is the one you can see :>
                                • kolobos Re: Kolobos 15.07.06, 15:40
                                  I don't give out my gg.
