Junk in the registry - help
Hello
While browsing the forum I noticed a nice little program for checking the registry. Unfortunately I don't know much about this and I don't know what to throw out.
Is anyone willing to help me? From what I can see, I have a terrible mess.
Logfile of HijackThis v1.99.0
Scan saved at 21:56:44, on 2004-12-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\LANczat\LANczat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=156260
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=156260
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=156260
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.idg.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AAB8E731-77AB-717A-DC18-0EC54D7847C4} - C:\WINDOWS\System32\asraud.dll
O2 - BHO: (no name) - {E61DE2E5-19DA-426F-B679-2B3854525EA1} - C:\WINDOWS\System32\oggpb.dll (file missing)
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [LANczat] C:\Program Files\LANczat\LANczat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O14 - IERESET.INF: START_PAGE_URL=http://www.idg.pl
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {10000030-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://zloeboogle.biz/dial.chm?wmid=3309::/x.exe
O16 - DPF: {11311111-1111-1111-1111-11111121115F} - file://C:\Recycled\Q383309.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c18.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098732450796
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/adh1_sexarea.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3F08D-4EC5-4E45-8C82-9DA972AD1592}: NameServer = 10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3F08D-4EC5-4E45-8C82-9DA972AD1592}: NameServer = 10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3F08D-4EC5-4E45-8C82-9DA972AD1592}: NameServer = 10.0.0.2
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Regards
KoMi
Replies: 1
Disable System Restore
Remove from the log and from disk:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=156260
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=156260
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=156260
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.idg.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {AAB8E731-77AB-717A-DC18-0EC54D7847C4} - C:\WINDOWS\System32\asraud.dll
O2 - BHO: (no name) - {E61DE2E5-19DA-426F-B679-2B3854525EA1} - C:\WINDOWS\System32\oggpb.dll (file missing)
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll (file missing)
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O14 - IERESET.INF: START_PAGE_URL=http://www.idg.pl
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {10000030-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://zloeboogle.biz/dial.chm?wmid=3309::/x.exe
O16 - DPF: {11311111-1111-1111-1111-11111121115F} - file://C:\Recycled\Q383309.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c18.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/adh1_sexarea.exe
Controls:
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
If you don't use them >> throw them out
Additionally, scan with CWShredder, Ad-Aware and SpyBot
Update:
So that there is no trouble later
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
Delete the files from the indicated directories that have exactly the same names as above
Don't confuse them with the system ones
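The reply's warning about the two flagged Run entries can be checked mechanically: the genuine svchost.exe runs from System32, and the Windows task manager is taskmgr.exe, not taskmgn.exe. The following is an added example, not part of the original thread; the list of system binaries, the function names and the sample lines (the log's O4 entries with path separators written out) are assumptions.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Expected directory for a few Windows XP system binaries. Illustrative, not
# exhaustive; assumes Windows is installed in C:\WINDOWS as in the log.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_BINARIES = {n: SYSTEM32 for n in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "taskmgr.exe")}
SYSTEM_BINARIES["explorer.exe"] = r"c:\windows"

# HijackThis registry autostart line: O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(r"^O4 - \w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command: quoted path, or everything up to the first .exe
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# O4 lines taken from the log, path separators written out (constructed input).
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def check_o4_line(line):
    """Return (entry name, path, reason) for a suspicious Run entry, else None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    exe = EXE.match(m["cmd"])
    path = (exe.group(1) or exe.group(2)) if exe else m["cmd"].split()[0]
    name, folder = basename(path).lower(), dirname(path).lower()
    if name in SYSTEM_BINARIES:
        # A bare file name (no directory) is resolved via PATH and not judged here.
        if folder and folder != SYSTEM_BINARIES[name]:
            return (m["name"], path, "system file name in unexpected directory")
        return None
    for known in SYSTEM_BINARIES:
        if one_edit_apart(name, known):
            return (m["name"], path, f"name resembles {known}")
    return None

def scan(lines):
    """Check every line and keep only the findings."""
    return [f for f in map(check_o4_line, lines) if f]

if __name__ == "__main__":
    for entry, path, reason in scan(SAMPLE.splitlines()):
        print(f"[{entry}] {path}: {reason}")
```

A match only marks an entry for manual review; it is not proof that the file is malicious.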