Tempa to Ty sobie lepiej w awaryjnym opróźnij, albo w konsoli odzyskiwania. Polecenia na forum były podawane.

Jest juź ok :D

ten fix nie załatwia pojawiania ci sie przy skanowaniu adwerem. Załatwiał wpisy w rejestrze po syfie który miałaś.

Czyśc tak jak napisałem regularnie katalogi temp i pliki cookies.

Jesli będziesz miała problem z usunięciem jakiegoś pliku w katalogu temp lub jakimkolwiek. Ściągnij i zainstaluj sobie ten program Unlocker 1.7.4. Następnie spróbuj usunąć pliki w temp i jeśli pojawi ci się komunikat źe nie moźna usunąć jakiegoś pliku (będzie podana jego nazwa) kliknij prawawym myszy na ten plik i wybierz opcje Unlocker. Bedziesz wiedziała jaki program uźywa tego pliku. Zaznacz w programie i wybierz opcje uwolnij i teraz spróbuj skasować

Pozdrawiam :)

zrobiłam fixa i usunełam z tempa wszystko co mogłam bo nie wszystkie pliki dały sie wykasować. wklejam jeszcze raz hijacka i silenta
Logfile of HijackThis v1.99.1
Scan saved at 10:59:04, on 2006–01–13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\WScript.exe
C:\DOCUME~1\Edyta\USTAWI~1\Temp\Rar$EX00.735\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: Yahoo! Toolbar Helper – {02478D38–C3F9–4EFB–9B51–7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" ––logon
O4 – HKLM\..\Run: [CARPService] carpserv.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: HP Image Zone – szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe





"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" ––logon" ["alch"]
"CARPService" = "carpserv.exe" ["Conexant Systems"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett–Packard Co."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38–C3F9–4EFB–9B51–7695ECA05670}\(Default) = "Yahoo! Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\K–Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2–3396–4527–9D27–04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Edyta\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Edyta" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett–Packard Co."]
"HP Image Zone – szybkie uruchamianie" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe –s" [null data]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]


Print Monitors:
–––––––––––––––

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 141 seconds, including 7 seconds for message boxes)



jeszcze chce tylko zapytać czy ten fix to tylko załatwia sprawe na ten czas czy blokuje moźliwość pojawienia sie adwara po raz drugi?

Zrób znowu fixa otwórz notatnik i wklej w nim procedura ta sama jak zwykle

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=–
"Spyware Cleaner"=–

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}"=–

w notatniku zakładka plik=>zapisz jako. Nazywasz plik FIX.REG A w zapisz jako typ zmieniasz na wszsytkie pliki i ok. Powstanie ci na pulpicie fix Przejście do trybu awaryjnego Windows.(podczas startu systemu wciskaj F8 i wybierz tryb awaryjny bez sieci) i uruchom fixa.

Juź powinno być OK :D

ze skanu adwara wychodzi mi jeszcze jeden śmieć nazywa sie "tracking co"niby adwar go usuwa, ale przy następnym skanowaniu znów znajduje

Tym się nie przejmuj. Czyść regularnie pliki cookies przeglądarki.(wejdz we właściwosci Internet Explorer i poszukaj opcji usuń pliki cookies.) Oprózniaj foldery temp. NP: wpisz w uruchom %temp%. I usuń wszystko co tam jest.

Logfile of HijackThis v1.99.1
Scan saved at 08:20:56, on 2006–01–13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Edyta\USTAWI~1\Temp\Rar$EX02.688\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: Yahoo! Toolbar Helper – {02478D38–C3F9–4EFB–9B51–7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" ––logon
O4 – HKLM\..\Run: [CARPService] carpserv.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: HP Image Zone – szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe



"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [file not found]
"Spyware Cleaner" = ""C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" ––logon" ["alch"]
"CARPService" = "carpserv.exe" ["Conexant Systems"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett–Packard Co."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38–C3F9–4EFB–9B51–7695ECA05670}\(Default) = "Yahoo! Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\K–Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2–3396–4527–9D27–04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Edyta\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Edyta" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett–Packard Co."]
"HP Image Zone – szybkie uruchamianie" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe –s" [null data]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}" = "Need2Find Bar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL" [file not found]

"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]


Print Monitors:
–––––––––––––––

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 142 seconds, including 4 seconds for message boxes)

daj obydwa logi do sprawdzenia

wiesz co chyba niepotrzebnie zawracałam ci głowe
bo to chyba wina avasta to on zawieszał wszystko jak go wyłączyłam to wszystko działa myśliszźe jak go na nowo zainstaluję będzie ok?
poza tym chce jeszcze zapytać o jeszcze jedną rzecz
ze skanu adwara wychodzi mi jeszcze jeden śmieć nazywa sie "tracking co"niby adwar go usuwa, ale przy następnym skanowaniu znów znajduje.
poza tym strasznie ci dziękuję jesteś wielki jezeli udało ci się pomóc blondynce hi hi hi :lol:

Dzieki to w sumie proste nie wiem czemu nie udało mi sie tego zrobić za pierwszym razem
ukazał mi sie taki komunikat po uruchomieniu tego fixu
informacja w c:\DOCUME~Edyta\Pulpit\FIX.REG została poprawnie wprowadzona do rejestru

ale to nie załatwiło problemu komputer zawiesza mi sie co kilka sekund na kilka sekund co dalej w takim razie?

Daj prawym myszki np na pulpit. Wybierz nowy potem dokument tekstowy. Wklej to w ten dokument tekstowy

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07B18EA9–A523–4961–B6BB–170DE4475CCA}"=–
"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}"=–

potem w notatniku zakładka plik=>zapisz jako. Nazywasz plik FIX.REG A w zapisz jako typ zmieniasz na wszsytkie pliki i ok. Powstanie ci na pulpicie fix Przejście do trybu awaryjnego Windows.(podczas startu systemu wciskaj F8 i wybierz tryb awaryjny bez sieci) i uruchom fixa

to proszę informację jak mam to wykonać z tym notatnikiem
nie wiem ja to sie robi
mam utworzyć ten notatnik
czy do istniejącego juź notatnika silenta
wiem źe to głupie źe tego nie kumam ale dopiero raczkuje i jak rozszerzyć txt na wszystkie pliki

Otwórz notatnik i wklej w nim to

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07B18EA9–A523–4961–B6BB–170DE4475CCA}"=–
"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}"=–

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

nie ma juź ich na dysku. Zastosuj tego fixa i powinno być ok

I daj obydwa logi tylo poczekaj jak silent do końca skonczy

wiesz co do mnie to trzeba duźym i literami bo jestem ciemna jak tabaka w rogu
nie wiem niby usunęłam te pliki
ale w silencie nadal są
czy jest jakaś stronka dla ciemniaków takich jak ja gdzie piszą jak usuwać pliki w trybie awaryjnym
i czy nie ma jakiegoś prostszego sposobu źeby to wywalić?

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{07B18EA9–A523–4961–B6BB–170DE4475CCA}" = "My &Web Search" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" [file not found]

"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}" = "Need2Find Bar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL" [file not found]

"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]


Print Monitors:
–––––––––––––––

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 154 seconds, including 5 seconds for message boxes)

Otwórz notatnik i wklej wnim to

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=–
"Spyware Cleaner"=–

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

Natomiast to

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{07B18EA9–A523–4961–B6BB–170DE4475CCA}" = "My &Web Search" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}" = "Need2Find Bar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL" [file not found]

Wyłącz przywracanie systemu. Wejdz w tryb awaryjny. Katalogi zaznaczone na czerwono usuń ręcznie z dysku

Po wszystkim nowe logi HijackThis i Silent Runners.

wszystko pogibałam
sierotka marysia ze mnie prosze oto log silenta
Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [file not found]
"Spyware Cleaner" = ""C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" ––logon" ["alch"]
"CARPService" = "carpserv.exe" ["Conexant Systems"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett–Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett–Packard Co."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38–C3F9–4EFB–9B51–7695ECA05670}\(Default) = "Yahoo! Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0–C522–11CF–8763–00608CC02F24}" = "avast"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\K–Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2–3396–4527–9D27–04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ClamWin\(Default) = "{65713842–C410–4f44–8383–BFE01A398C90}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Edyta\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Edyta" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett–Packard Co."]
"HP Image Zone – szybkie uruchamianie" –> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe –s" [null data]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{07B18EA9–A523–4961–B6BB–170DE4475CCA}" = "My &Web Search" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]

"{4D1C4E89–A32A–416B–BCDB–33B3EF3617D3}" = "Need2Find Bar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL" [file not found]

"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32–C1FB–11D2–892F–0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

AntiVir Service, AntiVirService, ""C:\Program Files\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]


Print Monitors:
–––––––––––––––

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 486 seconds, including 18 seconds for message boxes)

usunełam plik i zrobiłam silenta
nie wiem czy dobrze wyświetliły mi sie pliki o których była mowa źe są niezbędne i nic poza tym ale nadal mam ten sam problem coś jest nie tak co prawda nie ma juź komunikatu z avasta źe mam adwara ale wszystko działa w spowolnionym tempie

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

Z wyłaczonym przywracaniem systemu i w trybie awaryjnym usń ten plik zaznaczony na czerwono


Daj jeszcze loga Silent Runners

http://forum.centrumxp.pl/viewtopic.php?t=35349