Missing file 'null' and other strange errors

Hello,
To start with, I'll say that I've read the FAQ and tried to deal with the problem using the mks online scanner, Panda antivirus and HijackThis, but now it's even worse.
Some virus appeared on the computer, most likely a trojan. After many scans with mks it seemed to have been removed, and I helped things along with HijackThis, but now, after starting the computer, the desktop, the tlen.pl messenger and the taskbar appear, and the taskbar can be expanded, but opening even the 'Control Panel' produces no reaction,
and only after a longer while does this message appear:
Windows cannot find the file ("null"). Make sure the name is typed correctly and try again. To search for a file, click the Start button and then Search.
And after a moment the icons appear.
There is an article on Microsoft's site about repairing the system by restoring the registry, but I'm asking whether there isn't some other way?
Below is the HijackThis log.
Please help.
Logfile of HijackThis v1.99.1
Scan saved at 22:31:18, on 2005–10–05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
F:\PDVD\PDVDServ.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
E:\Program Files\Tlen.pl\tlen.exe
E:\Program Files\Messenger\msmsgs.exe
D:\Gadu–Gadu\gg.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
E:\WINDOWS\system32\mspaint.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
E:\hijackthis_199\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [WinPatrol] "E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [MKS_MENU] E:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NVRTCLK] E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [VGAUtil] E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
O4 – HKLM\..\Run: [RemoteControl] F:\PDVD\PDVDServ.exe
O4 – HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Google Search – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827411078
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O21 – SSODL: IBCC000E – {68D04856–2901–0641–39EF–210877FE564A} – E:\WINDOWS\System32\Hlapaf32.dll (file missing)
O21 – SSODL: Wincmd – {AB2D83F4–8E94–D479–E16F–98A397B5ADD1} – f:\wincmd\wingcojoj32.dll (file missing)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – E:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – E:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Kerio Personal Firewall (PersFw) – Unknown owner – E:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 – Service: Power Manager (PowerManager) – Unknown owner – E:\WINDOWS\svchost.exe (file missing)
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 – Service: SAVScan – Symantec Corporation – E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: Network Security Service (__NS_Service_3) – Unknown owner – E:\WINDOWS\ipzr32.exe (file missing)

Replies: 20

NP
wielkaradosc:
Does it make getting up easier?
Maybe not easier, but with great joy :wink: .
EL NINO
Added
10.10.2005 23:52:55
I removed the directory.
I removed Panda.
And suddenly it works. Just as it should.
Thank you, El Nino and Bobi, for your willingness, your time and your patience.
One more question: what is it like to wake up every morning knowing that every day you save the backsides of so many users? Does it make getting up easier?
wielkaradosc
Added
10.10.2005 23:41:29
Error 1060 would indicate that no such service is registered. Try giving _NS_Service_3 in quotation marks.
Did you try removing it the way EL NINO described?
Remove the whole !Submit directory and the svchost32 file sitting loose in system32.
Bobi
Added
10.10.2005 01:16:54
With the command delete _NS_Service_3 the message is:
[SC]OpenService failed 1060:
okre

With the command attrib -r -s svchost.exe, run in the windows directory, the system cannot find the file. The same with izpr32.exe.
The !Submit directory is on the WinXP partition; I once deleted svchost32.exe from system32 by mistake, and that directory was created there.
I checked, svchost32.exe is already in system32.
And now svchost.exe is in !submit. Should I delete it?
wielkaradosc
Added
10.10.2005 00:59:58
Indeed, the Panda process is loading the CPU.
Apart from those two services and the replaced IE search page you have nothing. Cut the R1 entry, open a command prompt (cmd) and type:

sc stop PowerManager
sc stop __NS_Service_3
sc delete PowerManager
sc delete __NS_Service_3
cd E:\WINDOWS
attrib -r -s svchost.exe
attrib -r -s ipzr32.exe
del svchost.exe
del ipzr32.exe


Delete edtExt.dll from System32 and !Submit. Maybe it would need to be unregistered?
Where is that !Submit folder located?
Bobi
Added
09.10.2005 23:56:29
What's taking 100%? I took a screenshot right after Windows started.
I carried out your instructions, except for removing the services at the end of the HijackThis log, because there are some small problems with that; edtExt.dll moved itself to the !Submit directory.
And still nothing. I disabled SpyStopper from autostart, because maybe some program, e.g. Panda antivirus, is loading the system? On the other hand, various applications were installed earlier and such problems did not appear.

"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "E:\Program Files\Tlen.pl\tlen.exe" [null data]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""D:\Gadu–Gadu\gg.exe" /tray" ["sms–express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""E:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"WinPatrol" = ""E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NVRTCLK" = "E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe" [empty string]
"PathNvidiaTV" = "E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [empty string]
"VGAUtil" = "E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe" [empty string]
"RemoteControl" = "F:\PDVD\PDVDServ.exe" ["Cyberlink Corp."]
"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = ""E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett–Packard Company"]
"APVXDWIN" = ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s" ["Panda Software International"]
"SpyBlockerPro" = "E:\security\ssp\spyblocker.exe" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21–C1B6–4629–986C–E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""E:\WINDOWS\System32\rundll32.exe" "E:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430–B101–42AD–A544–FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{d0e04dfd–9185–49bd–b3a8–cdefa63f810a}" = "Philips RUSH Audio Player (128 MB)Shell Hook"
–> {CLSID}\InProcServer32\(Default) = "PHIL16Ah.dll" ["Copyright (c) 2003, Koninklijke Philips"]
"{75E6139C–7EC4–11D5–8D0F–A07CD97BF970}" = "All To WMA Converter"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\LitexMedia\All To WMA Converter\WMAShellExt.dll" [empty string]
"{330417E8–EF62–4047–82BE–D8305CEFF572}" = "AMEncShlExt extension"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\4MUSIC~1\amshellext.dll" [file not found]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{65756541–C65C–11CD–0000–4B656E696100}" = "Panda Antivirus"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


Enabled Wallpaper and Active Desktop:
–––––––––––––––––––––––––––––––––––––

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Startup items in "wielkaradosc" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"InterVideo WinCinema Manager" –> shortcut to: "E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" –> shortcut to: "E:\Program Files\Microsoft Office\Office10\OSA.EXE –b –l" [MS]
"Adobe Gamma Loader" –> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
––––––––––––––––––––––––

"Norton AntiVirus – Scan my computer" –> launches: "E:\PROGRA~1\NORTON~1\Navw32.exe /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" [file not found]
"Norton AntiVirus – Scan my computer – wielkaradosc" –> launches: "E:\PROGRA~1\NORTON~1\NAVW32.EXE /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" [file not found]
"Symantec NetDetect" –> launches: "E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavlsp.dll ["Panda Software "], 01 – 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 – 06, 09 – 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 – 08


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}"
–> {CLSID}\(Default) = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}"
–> {CLSID}\(Default) = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{EF99BD32–C1FB–11D2–892F–0090271D4F88}"
–> {CLSID}\(Default) = "&Yahoo! Toolbar"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{2318C2B1–4965–11D4–9B18–009027A5CD4F}"
–> {CLSID}\(Default) = "&Google"
–> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar1.dll" ["Google Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda anti–virus service, PAVSRV, ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Process Protection Service, PavPrSrv, ""E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Symantec Core LC, Symantec Core LC, "E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


––––––––––
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
––––––––––


Logfile of HijackThis v1.99.1
Scan saved at 21:35:07, on 2005–10–09
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
F:\PDVD\PDVDServ.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Tlen.pl\tlen.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Messenger\msmsgs.exe
D:\Gadu–Gadu\gg.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\UnderCoverXP\UnderCoverXP.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Ahead\Nero\nero.exe
E:\WINDOWS\System32\imapi.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\hijackthis_199\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [WinPatrol] "E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NVRTCLK] E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [VGAUtil] E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
O4 – HKLM\..\Run: [RemoteControl] F:\PDVD\PDVDServ.exe
O4 – HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [SpyBlockerPro] E:\security\ssp\spyblocker.exe
O4 – HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Google Search – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827411078
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/vso/en–us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – E:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Unknown owner – E:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – E:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Kerio Personal Firewall (PersFw) – Unknown owner – E:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 – Service: Power Manager (PowerManager) – Unknown owner – E:\WINDOWS\svchost.exe (file missing)
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 – Service: SAVScan – Unknown owner – E:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: Network Security Service (__NS_Service_3) – Unknown owner – E:\WINDOWS\ipzr32.exe (file missing)
wielkaradosc
Added
09.10.2005 23:38:14
Bobi:
Do the same with the service...
Well, yes. Clearly reading long posts wears me out :P .
EL NINO
Added
09.10.2005 00:20:23
Do the same with the service:
O23 – Service: Power Manager (PowerManager) – Unknown owner – E:\WINDOWS\svchost.exe (file missing)
Don't slip up when deleting svchost: a file with the identical name will also be in system32, and that one you leave alone.
Bobi
Added
09.10.2005 00:13:41
You're slowly making me despair :wink: .
Silent Runners still shows the edtExt.dll file; get rid of it at last.
Also, in HijackThis remove all the "R1" entries and the service shown at the very end:
O23 – Service: Network Security Service (__NS_Service_3) – Unknown owner – E:\WINDOWS\ipzr32.exe (file missing)
You remove a service a bit differently from the other items. Click "Open the Misc Tools section", then "Delete an NT service" and enter the service name "__NS_Service_3" in the box. Also check in Services (services.msc from Run) whether it really appears under exactly that name.
EL NINO
Added
08.10.2005 23:58:21
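The triage that Bobi and EL NINO do by eye in the posts above (the R1 search keys redirected to 0ml.net, a Run entry that launches a bare filename, the SSODL entry whose DLL is gone, and the two O23 services with an unknown owner, a missing binary and, in one case, svchost.exe outside System32) can be written down as a small parser. The script below is an added example, not code from this thread or from HijackThis; its sample lines are a constructed subset of the log posted above with the extraction's en-dashes restored to the plain hyphens HijackThis writes, and the allowlist of search hosts is an assumption to replace with your own.

```python
"""Triage of HijackThis log lines: flags the kinds of entries the helpers in this
thread pointed at (search hijack, loose Run entries, orphaned SSODL and service entries)."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log posted in this thread, with the
# extraction's en-dashes restored to the plain hyphens HijackThis actually writes.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O21 - SSODL: IBCC000E - {68D04856-2901-0641-39EF-210877FE564A} - E:\WINDOWS\System32\Hlapaf32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - E:\WINDOWS\svchost.exe (file missing)
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - E:\WINDOWS\ipzr32.exe (file missing)
"""

# Assumption: search providers the user is expected to have. Any R1 search key that
# points elsewhere is reported. Replace with your own allowlist.
KNOWN_SEARCH_HOSTS = {"www.microsoft.com", "search.msn.com", "www.google.com"}

# Core Windows binaries that legitimately live only in %SystemRoot%\System32.
CORE_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line; [] if unremarkable."""
    findings = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return findings
    kind, body = m.group("kind"), m.group("body")

    if kind == "R1" and " = " in body:
        # R1 lines are IE search/URL settings: "<registry key>,<value name> = <url>"
        key, value = body.split(" = ", 1)
        host = urlparse(value).hostname or ""
        if "Search" in key and host not in KNOWN_SEARCH_HOSTS:
            findings.append(("high", f"IE search setting redirected to {host}"))

    elif kind == "O4":
        # A Run entry with no directory separator is resolved through PATH lookup, so the
        # log alone cannot say which binary actually runs (cf. svcnet.exe in this thread).
        rm = RUN_RE.match(body)
        if rm and "\\" not in rm.group("cmd"):
            exe = rm.group("cmd").split()[0]
            findings.append(("review", f"Run entry [{rm.group('label')}] launches bare filename {exe} via PATH lookup"))

    elif kind == "O21" and body.endswith("(file missing)"):
        # ShellServiceObjectDelayLoad entries are loaded into Explorer at logon; a dangling
        # one is the trace of something removed incompletely.
        path = body.split(" - ")[-1].replace(" (file missing)", "")
        findings.append(("high", f"SSODL entry points at missing DLL {path}"))

    elif kind == "O23":
        sm = SERVICE_RE.match(body)
        if sm:
            path, owner = sm.group("path"), sm.group("owner")
            name = sm.group("name") or sm.group("display")
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe in CORE_SYSTEM_BINARIES and not SYSTEM32_RE.match(path):
                findings.append(("high", f"service {name} uses system binary name {exe} outside System32: {path}"))
            if sm.group("missing") and owner == "Unknown owner":
                findings.append(("review", f"orphaned service {name}: unknown owner, binary {path} missing"))
    return findings


def triage_log(text):
    """Run triage_line over a whole log; returns [(line, severity, reason), ...] in log order."""
    return [(line.strip(), sev, reason)
            for line in text.splitlines()
            for sev, reason in triage_line(line)]


if __name__ == "__main__":
    for line, severity, reason in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}")
```

Run stand-alone it prints six findings for the sample. The bare-filename rule is deliberately a "review", not a verdict: the same log's nwiz.exe /install entry trips it and is NVIDIA's, and the Kerio PersFw leftover in the full log is reported as orphaned just like the two services Bobi lists. The parser narrows what a person has to look at; it does not replace the look, which is exactly the check EL NINO asks for with services.msc before deleting anything.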
I removed them again, because the files had moved to the !Submit directory. Values removed. And there are still no icons for 2 minutes at startup.
"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "E:\Program Files\Tlen.pl\tlen.exe" [null data]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""D:\Gadu–Gadu\gg.exe" /tray" ["sms–express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""E:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"WinPatrol" = ""E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NVRTCLK" = "E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe" [empty string]
"PathNvidiaTV" = "E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [empty string]
"VGAUtil" = "E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe" [empty string]
"RemoteControl" = "F:\PDVD\PDVDServ.exe" ["Cyberlink Corp."]
"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = ""E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett–Packard Company"]
"APVXDWIN" = ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s" ["Panda Software International"]
"SpyStopperPro" = "E:\security\ssp\ssp.exe" ["InfoWorks Technology Company "]
"SpyBlockerPro" = "E:\security\ssp\spyblocker.exe" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21–C1B6–4629–986C–E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""E:\WINDOWS\System32\rundll32.exe" "E:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430–B101–42AD–A544–FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{d0e04dfd–9185–49bd–b3a8–cdefa63f810a}" = "Philips RUSH Audio Player (128 MB)Shell Hook"
–> {CLSID}\InProcServer32\(Default) = "PHIL16Ah.dll" ["Copyright (c) 2003, Koninklijke Philips"]
"{C141B52E–7FAC–49D6–A3D2–C7AFBBD7357E}" = "SimpleShlExt extension"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\edtExt.dll" [file not found]
"{75E6139C–7EC4–11D5–8D0F–A07CD97BF970}" = "All To WMA Converter"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\LitexMedia\All To WMA Converter\WMAShellExt.dll" [empty string]
"{330417E8–EF62–4047–82BE–D8305CEFF572}" = "AMEncShlExt extension"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\4MUSIC~1\amshellext.dll" ["4Musics, Inc."]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{65756541–C65C–11CD–0000–4B656E696100}" = "Panda Antivirus"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


Enabled Wallpaper and Active Desktop:
–––––––––––––––––––––––––––––––––––––

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Startup items in "wielkaradosc" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"InterVideo WinCinema Manager" –> shortcut to: "E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" –> shortcut to: "E:\Program Files\Microsoft Office\Office10\OSA.EXE –b –l" [MS]
"Adobe Gamma Loader" –> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
––––––––––––––––––––––––

"Norton AntiVirus – Scan my computer" –> launches: "E:\PROGRA~1\NORTON~1\Navw32.exe /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton AntiVirus – Scan my computer – wielkaradosc" –> launches: "E:\PROGRA~1\NORTON~1\NAVW32.EXE /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavlsp.dll ["Panda Software "], 01 – 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 – 06, 09 – 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 – 08


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}"
–> {CLSID}\(Default) = "Norton AntiVirus"


Logfile of HijackThis v1.99.1
Scan saved at 16:52:50, on 2005–10–08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
F:\PDVD\PDVDServ.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
E:\security\ssp\ssp.exe
E:\Program Files\Tlen.pl\tlen.exe
E:\Program Files\Messenger\msmsgs.exe
D:\Gadu–Gadu\gg.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis_199\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [WinPatrol] "E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NVRTCLK] E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [VGAUtil] E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe
O4 – HKLM\..\Run: [RemoteControl] F:\PDVD\PDVDServ.exe
O4 – HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [SpyStopperPro] E:\security\ssp\ssp.exe
O4 – HKLM\..\Run: [SpyBlockerPro] E:\security\ssp\spyblocker.exe
O4 – HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Google Search – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827411078
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {EF791A6B–FC12–4C68–99EF–FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss–loc/vso/en–us/tools/mcfscan/2,0,0,4598/mcfscan.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/15010/CTPID.cab
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – E:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – E:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Kerio Personal Firewall (PersFw) – Unknown owner – E:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 – Service: Power Manager (PowerManager) – Unknown owner – E:\WINDOWS\svchost.exe (file missing)
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 – Service: SAVScan – Symantec Corporation – E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: Network Security Service (__NS_Service_3) – Unknown owner – E:\WINDOWS\ipzr32.exe (file missing)

wielkaradosc
Added
08.10.2005 18:53:02
wielkaradosc:
Should I delete this value from the registry?
The value and, above all, the file from the disk.
SpyStopper is informing you about the contents of the HOSTS file, but those particular entries can be there.
EL NINO
Added
08.10.2005 18:23:09
Spare yourself and stop cluttering the system with worthless programs. They are of no use whatsoever.

I was trying to cope on my own, hence those programs.

As for the file ws635910.dll, I did as you told me. I deleted it; now SR shows me:

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WebCheck" = "{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws635910.dll" [file not found]

Should I delete this value from the registry?
And one more thing: when the OS starts, some info from SpyStopper Pro pops up:
#########################################################
# Modifications by SpyStopper Pro (32 143 items added)
# Modified on sobota, paź 8 2005 at 04:00:25
#########################################################

127.0.0.1 localhost
127.0.0.1 pop3.norton.antivirus
127.0.0.1 pop3.spa.norton.antivirus
Maybe this helps somehow...
wielkaradosc
Added
08.10.2005 18:12:10
wielkaradosc:
CPU load is at 100% again.
OK, but what is loading the CPU? Just don't tell me "System Idle Process".

wielkaradosc:
I downloaded programs for cleaning and repairing the registry (NGBClearRe, regcleaner, reghealer).
Spare yourself and stop cluttering the system with worthless programs. They are of no use whatsoever.

You still have the same file, ws635910.dll. Get rid of it once and for all: in Safe Mode, with KillBox, with HijackThis in the "misc tools" options, or from the Recovery Console. There is also edtExt.dll, which I hadn't noticed earlier.
wielkaradosc:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}" = "WebCheck"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws635910.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\edtExt.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WebCheck" = "{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws635910.dll" [null data]


Delete this and run the scan again. If there's nothing, don't paste it. If there is, also run a HiJackThis scan and paste both logs.
EL NINO
Added
08.10.2005 04:49:01
You're not annoying me yet

Phew.
I deleted what was needed. And still nothing: the desktop still loads without icons, CPU load is at 100% again. I downloaded programs for cleaning and repairing the registry (NGBClearRe, regcleaner, reghealer). I checked whether there's anything in Task Manager. And I still don't know what's wrong.
"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "E:\Program Files\Tlen.pl\tlen.exe" [null data]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""D:\Gadu–Gadu\gg.exe" /tray" ["sms–express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""E:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"WinPatrol" = ""E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"" ["BillP Studios"]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NVRTCLK" = "E:\WINDOWS\System32\NVRTCLK\NVRTClk.exe" [empty string]
"PathNvidiaTV" = "E:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [empty string]
"VGAUtil" = "E:\Program Files\GigaByte\VGA Utility Manager\G–VGA.exe" [empty string]
"RemoteControl" = "F:\PDVD\PDVDServ.exe" ["Cyberlink Corp."]
"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = ""E:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett–Packard Company"]
"APVXDWIN" = ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s" ["Panda Software International"]
"SpyStopperPro" = "E:\security\ssp\ssp.exe" ["InfoWorks Technology Company "]
"SpyBlockerPro" = "E:\security\ssp\spyblocker.exe" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21–C1B6–4629–986C–E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""E:\WINDOWS\System32\rundll32.exe" "E:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430–B101–42AD–A544–FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E6FB5E20–DE35–11CF–9C87–00AA005127ED}" = "WebCheck"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws635910.dll" [null data]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{d0e04dfd–9185–49bd–b3a8–cdefa63f810a}" = "Philips RUSH Audio Player (128 MB)Shell Hook"
–> {CLSID}\InProcServer32\(Default) = "PHIL16Ah.dll" ["Copyright (c) 2003, Koninklijke Philips"]
"{C141B52E–7FAC–49D6–A3D2–C7AFBBD7357E}" = "SimpleShlExt extension"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\edtExt.dll" [empty string]
"{75E6139C–7EC4–11D5–8D0F–A07CD97BF970}" = "All To WMA Converter"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\LitexMedia\All To WMA Converter\WMAShellExt.dll" [empty string]
"{330417E8–EF62–4047–82BE–D8305CEFF572}" = "AMEncShlExt extension"
–> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\4MUSIC~1\amshellext.dll" ["4Musics, Inc."]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{65756541–C65C–11CD–0000–4B656E696100}" = "Panda Antivirus"
–> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\ShellTit.DLL" ["Panda Software International"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WebCheck" = "{E6FB5E20–DE35–11CF–9C87–00AA005127ED}"
–> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws635910.dll" [null data]


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


Enabled Wallpaper and Active Desktop:
–––––––––––––––––––––––––––––––––––––

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Startup items in "wielkaradosc" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"InterVideo WinCinema Manager" -> shortcut to: "E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Microsoft Office" -> shortcut to: "E:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Adobe Gamma Loader" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "E:\PROGRA~1\NORTON~1\Navw32.exe /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer - wielkaradosc" -> launches: "E:\PROGRA~1\NORTON~1\NAVW32.EXE /task:"E:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavlsp.dll ["Panda Software "], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "&Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar1.dll" ["Google Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda anti-virus service, PAVSRV, ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""E:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Process Protection Service, PavPrSrv, ""E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Symantec Core LC, Symantec Core LC, "E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
wielkaradosc
Added
07.10.2005 21:18:42
You're not annoying me yet :D.

Yes, you should remove it. The folders in Program Files as well.
EL NINO
Added
07.10.2005 12:52:37
I don't want to annoy you, El Nino, but let me ask once more: I should delete the registry values you pointed out, right?
And use KillBox to delete those DLL libraries on restart, correct?
wielkaradosc
Added
07.10.2005 12:30:51
E.g.:
wielkaradosc:
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\ws5392005.dll" [null data]
"IBCC000E" = "{68D04856-2901-0641-39EF-210877FE564A}"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\Hlapaf32.dll" [file not found]
"Wincmd" = "{AB2D83F4-8E94-D479-E16F-98A397B5ADD1}"
-> {CLSID}\InProcServer32\(Default) = "f:\wincmd\wingcojoj32.dll" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"
-> {CLSID}\(Default) = "ISTbar"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ISTbar\istbarcm.dll" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\
-> {CLSID}\(Default) = "SideFind"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\SideFind\sidefind.dll" [file not found]
EL NINO
Added
07.10.2005 12:14:05
I removed everything the HijackThis analyzer flagged for removal. I looked for the entries rated "3" on the list, but didn't find any. And I know nothing at all about SR, so I'm not even trying to tinker with it.
wielkaradosc
Added
07.10.2005 10:59:26
wielkaradosc:
The log analysis shows no errors...
Are you sure? Did you remove everything?
Silent Runners also shows several entries to remove.
EL NINO
Added
07.10.2005 02:52:28
I no longer know what to do next. The log analysis shows no errors, mks doesn't find any virus, and neither does Panda. I searched the registry following the tips from the 'your system is infected' topic and restored the wallpaper.
Even so, after starting the computer, I still have to wait 3 min for all the icons to appear.
Please help.
wielkaradosc
Added
07.10.2005 00:21:11
wielkaradosc
Added:
06.10.2005 00:39:21
Comments:
20
Page 1 / 2