Bardzo prosze o pomoc

Bez przerwy instaluje mi sie Alfa cleaner. Nie chce tego badziewia, a ono ciagle jest. I jeszcze wyskakuja mi okienka... AAAA!
Z gory dziekuje za pomoc.
Pozdrawiam

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\system32\service\explorer.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""C:\Program Files\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Windows installer" = "C:\winstall.exe" [file not found]
"taskdir" = "C:\WINDOWS\system32\taskdir.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" ["Labtec"]
"eDonkey2000" = ""C:\Program Files\eDonkey2000\eDonkey2000.exe" –t" [null data]
"CorelDRAW Graphics Suite 11b" = "C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032906 serial=DR12WEX–1504397–kty lang=EN" ["Corel Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BF05BB6E–442C–428B–8025–82280B7BC26C}" = "Zen Micro Media Explorer"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EB63413C–7F5E–4D5A–9EDD–381AE97F6CA8}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\rxpsnd.dll" [null data]
"{DF3585D0–7DD6–4417–B9BB–E0A9BDB3DC5F}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{40D26854–1DEF–4BF9–972B–D7DF9379B1E6}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\majtes40.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! access98\DLLName = "access98.dll" [null data]
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! Nls\DLLName = "C:\WINDOWS\system32\m6nqlg5516.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kuba Osinski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Kuba Osinski" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"Adobe Gamma Loader" –> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614–B795–46B1–85F4–E737A8DC09AD}\ = "Shell Search Band" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


All Non–Disabled Services (Display Name, Service Name, Path {Service DLL}):
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe –k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InstallDriver Table Manager, IDriverT, ""C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"" ["Macrovision Corporation"]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Usługa administracyjna Menedźera dysków logicznych, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Usługa dostarczania sieci, xmlprov, "C:\WINDOWS\System32\svchost.exe –k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe –k netsvcs" {"C:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 110 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 24 seconds.
–––––––––– (total run time: 166 seconds)



Logfile of HijackThis v1.99.1
Scan saved at 15:01:12, on 2006–03–16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kuba Osinski\Moje dokumenty\hijackthis1.99.1\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 – HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" –t
O4 – HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032906 serial=DR12WEX–1504397–kty lang=EN
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 – Winlogon Notify: access98 – C:\WINDOWS\SYSTEM32\access98.dll
O20 – Winlogon Notify: Nls – C:\WINDOWS\system32\m6nqlg5516.dll
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Odpowiedzi: 4

1. Albo ja czegos nie rozumiem na tej stronie i zle robie, albo to nie dziala.
2. Tego badziewia:
R3 – Default URLSearchHook is missing
nie da rady wywalic.
3. przy kazdej probie wlaczenia jakiejs gry prosi o wlozenie oryginalnej plyty... a plyty sa oryginalne.
Pomocy!!!!
EmOa
Dodano
17.03.2006 23:22:21
OE – http://www.insideoutlookexpress.com/tips/forceid.htm
Jest tu informacja o kontach w OE, informacja o miejscu w rejestrze, gdzie przechowywane sa dane.

Links –
[Start] [Run] [Regedit]
Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_SZ [String Value] // Value Name: LinksFolderName
Value Data: [Set the String Value to a blank string]
Open Internet Explorer and manually delete the Links folder from Favorites Menu.
The Links folder will not be recreated.
Exit Registry and Reboot


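Log juz OK. Usun moze jeszcze wpis R3. Sprawdz tez proces C:\WINDOWS\system32\services\explorer.exe widoczny na liscie uruchomionych procesow – prawdziwy explorer.exe lezy w C:\WINDOWS.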
EL NINO
Dodano
17.03.2006 22:33:49
Lista problemów jakie mam:
1. Konta w Outlook Express nazywaja sie 0000005 do 0000008 i nie da sie tego zmienic.
2. Sławny już problem z katalogiem Links w ulubionych, a tego tematu nie moge znalezc na forum.
3. ciagle wiesza mi sie GG, a przy starcie kaze mi wybrac kamerke... mam jedna odlaczona.
4. Nie mogę też podłączyć odtwarzacza MP3, aby zaimportowac muzyke. Pojawia sie komunikat, ze nie jest mozliwe podlaczenie sprzetu, pomimo ze moge wszystko inne tam zrobic.
Na razie chyba tyle. To moj log z dzisiaj.

Logfile of HijackThis v1.99.1
Scan saved at 07:35:51, on 2006–03–17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\services\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Lavasoft\Ad–Aware SE Personal\Ad–Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kuba Osinski\Moje dokumenty\hijackthis1.99.1\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 – Default URLSearchHook is missing
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 – HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" –t
O4 – HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032906 serial=DR12WEX–1504397–kty lang=EN
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
EmOa
Dodano
17.03.2006 18:31:46
EmOa:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\system32\service\explorer.exe"
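Kolego, syfu w cholere. Poczawszy od takich dziwnych rzeczy jak powyzszy wpis (prawdziwy explorer.exe lezy w C:\WINDOWS, a nie w podkatalogu system32), az do "standardowych" C:\winstall.exe, C:\WINDOWS\system32\taskdir.exe i innych. Lacznie z wpisami O20 (access98 i Nls).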

Tutaj sprawdzisz log i pozniej usuniesz co wskazal analizator –> http://forum.centrumxp.pl/viewtopic.php?t=37513
W drugim przyklejonym temacie pkt nr 8.
EL NINO
Dodano
16.03.2006 19:39:15
EmOa
Dodano:
16.03.2006 16:01:47