Outdated log-checking topics

  • Closed: this topic is closed
180 replies to this topic

#21 Maciej13

    SecurityMaster

  • 261 posts

Posted 19 01 2007 - 11:46

And I repeat! Post a Silent Runners log! While you're at it, post one from ComboFix too.

  • 0

#22 Pecet

    Beginner

  • 106 posts

Posted 21 01 2007 - 11:22

Well, didn't I say the Radeon drivers are what's slowing the computer down here?! But of course nobody wanted to listen to me...
ATI drivers slow the system down a month after a format.

  • 0

#23 Gość_Wasacz_*

Posted 21 01 2007 - 13:52

On topic: unfortunately the ATI thing didn't help...

Well, didn't I say the Radeon drivers are what's slowing the computer down here?! But of course nobody wanted to listen to me...

:)

Best to wait for the thread author's reply.
  • 0

#24 warrez

    Beginner

  • 14 posts

Posted 21 01 2007 - 18:27

So should I install new ones? The Omega ones?
  • 0

#25 Gość_Wasacz_*

Posted 21 01 2007 - 18:32

So should I install new ones? The Omega ones?

Total nonsense...
warrez, do you read your own posts? :)

Are we going to get those logs?
  • 0

#26 warrez

    Beginner

  • 14 posts

Posted 21 01 2007 - 20:14

People, understand me: I'm helping someone in the USA who is completely cut off from anyone who could help her with computers.
I sent Silent over, but unfortunately it couldn't be opened, so what am I supposed to do?
I'd have to start explaining and guessing why some problem pops up...
:P :)
  • 0

#27 Maciej13

    SecurityMaster

  • 261 posts

Posted 22 01 2007 - 07:40

We understand you, but without a HijackThis log we can't go any further. What do you mean Silent couldn't be run?! Post a ComboFix log as well.
  • 0

#28 warrez

    Beginner

  • 14 posts

Posted 22 01 2007 - 18:33

Phew, I finally managed it....
Here's the Silent log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [null data]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CorelDRAW Graphics Suite 11b" = "C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=033105 serial=DR12WTX-9999998-YSP lang=EN" [file not found]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Companion BHO"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "CBTB00001"
-> {HKLM...CLSID} = "CBTB00001 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\toolbars\SKYPEF~1\toolbar.dll" ["IE Toolbar"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0E40CBF0-0263-4AD4-A71B-11316667CBB7}" = "MuVo V200 Media Explorer"
-> {HKLM...CLSID} = "MuVo V200 Media Explorer"
\InProcServer32\(Default) = "C:\Program Files\Creative\Creative MuVo V200\CTMvns.dll" ["Creative Technology Ltd"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "C:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "C:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 29
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B13721C7-F507-4982-B2E5-502A71474FED}"
-> {HKLM...CLSID} = "Skype™ For Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Skype\toolbars\Skype for Internet Explorer\toolbar.dll" ["IE Toolbar"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Companion"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"
-> {HKLM...CLSID} = "BearShare MediaBar"
\InProcServer32\(Default) = "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Companion"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{B13721C7-F507-4982-B2E5-502A71474FED}" = (no title provided)
-> {HKLM...CLSID} = "Skype™ For Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Skype\toolbars\Skype for Internet Explorer\toolbar.dll" ["IE Toolbar"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVK Service, AVKService, "C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe" ["G DATA Software AG"]
AVKProxy, AVKProxy, ""C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"]
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
HP Configuration Interface Service, HPConfig, "C:\WINDOWS\system32\HPConfig.exe" ["Hewlett-Packard"]
HPWirelessMgr, HPWirelessMgr, "C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe" ["Hewlett-Packard Co."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Strażnik AVK, AVKWCtl, "C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt06\Driver = "hpzlnt06.dll" ["HP"]
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 116 seconds, including 18 seconds for message boxes)



Sorry for the bad paste, but I couldn't find that "quote" thing.

//edit:
And I found it :)
A quote isn't required, but it makes the logs look clearer.
Wasacz

Wasacz edited this post 22 01 2007 - 18:37

  • 0

#29 Gość_Wasacz_*

Posted 22 01 2007 - 18:39

I don't see any malware here.
  • 0

#30 warrez

    Beginner

  • 14 posts

Posted 22 01 2007 - 18:54

Well then I guess a format it is.... :)
  • 0

#31 Maciej13

    SecurityMaster

  • 261 posts

Posted 22 01 2007 - 19:02

Cosmetics:

Open Notepad and paste this text:

Windows Registry Editor Version 5.00

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"=-

File => Save As => change the file type from .txt to All Files => save it under the name FIX.REG

Run the FIX.REG file in Safe Mode, confirm adding it to the registry, and reboot the computer.

  • 0

#32 warrez

    Beginner

  • 14 posts

Posted 22 01 2007 - 23:47

Anything more concrete? Out of ideas?

  • 0

#33 mikus39

    New

  • 1 post

Posted 01 02 2007 - 19:09

Please check my log. I don't understand any of it. :)

Logfile of HijackThis v1.99.1
Scan saved at 17:09:55, on 2007-02-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spik\Spik.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kalendarz XP\Kalendarz.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\Programy\p2p\DC ++\StrongDC\StrongDC.exe
Z:\PROGRAMY\Narzędzia systemowe\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AtiPTA] D:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: odserv - Unknown owner - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)


Edit: Forum rules, § 8. I'm renaming the topic. Pioteer
And I'm adding a quote. Wasacz

  • 0

#34 Maciej13

    SecurityMaster

  • 261 posts

Posted 01 02 2007 - 23:08

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Fix.

Otherwise OK.
  • 0

#35 DanBK

    Regular user

  • 292 posts

Posted 06 02 2007 - 00:51

Logfile of HijackThis v1.99.1
Scan saved at 23:49:59, on 2007-02-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Master\USTAWI~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Master\USTAWI~1\Temp\Rar$EX00.094\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169900044171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169912895921
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

// Edit by Maciej13 - Moving to the correct section.
  • 0

#36 Maciej13

    SecurityMaster

  • 261 posts

Posted 06 02 2007 - 01:26

Use ATF-Cleaner in Safe Mode. Tick the boxes next to entries 1, 2 and 3. Finally press Empty Selected.

New HJT and Silent logs!
  • 0

#37 Fresh

    New

  • 3 posts

Posted 10 02 2007 - 15:09

Hello,

I have a problem: my computer restarts while I'm working. Please check the HijackThis log below.

Logfile of HijackThis v1.99.1
Scan saved at 16:30:46, on 2007-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\appconf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
D:\NAVSetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
C:\Documents and Settings\kasia\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcf.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [appdiag] C:\WINDOWS\system32\appconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\loader.9013671.exe "
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\alerter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: e1.dll confapp.dll appstat.dll
O20 - Winlogon Notify: appmgr - C:\WINDOWS\SYSTEM32\appmgr32.dll
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
O20 - Winlogon Notify: osunuxth - C:\WINDOWS\system32\osunuxth.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

  • 0

#38 Maciej13

    SecurityMaster

  • 261 posts

Posted 10 02 2007 - 20:40

Use WWDC. All the indicators should be green! Reboot the computer after running it!

Download KillBox.

Run the program in Safe Mode.

In the Full Path of File field paste:

C:\WINDOWS\system32\osunuxth.dll
C:\WINDOWS\system32\dsseds32.dll
C:\WINDOWS\system32\confapp.dll
C:\WINDOWS\system32\appstat.dll
C:\WINDOWS\system32\e1.dll
C:\WINDOWS\alerter.exe
C:\WINDOWS\loader.9013671.exe
C:\WINDOWS\system32\audconf.exe
C:\WINDOWS\system32\gemstrmw.exe

Zaznaczamy Delete on Reboot. Na koniec naciśnij X i zresetuj komputer.

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [appdiag] C:\WINDOWS\system32\appconf.exe
O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\loader.9013671.exe "
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\alerter.exe
O20 - AppInit_DLLs: e1.dll confapp.dll appstat.dll
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
O20 - Winlogon Notify: osunuxth - C:\WINDOWS\system32\osunuxth.dll (file missing)

Fix!

O20 - Winlogon Notify: appmgr - C:\WINDOWS\SYSTEM32\appmgr32.dll

Plik przeskanuj na stronie -> http://virusscan.jotti.org i podaj wyniki.

Nowy log z Hjt oraz Silent`a!
  • 0

#39 Fresh

    New

  • 3 posts

Posted 11 02 2007 - 00:14

Here is the new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 03:04:27, on 2007-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\eHome\ehRec.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\kasia\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcf.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs:  confapp.dll appstat.dll
O20 - Winlogon Notify: appmgr - C:\WINDOWS\SYSTEM32\appmgr32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

and this is the Silent Runners log
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PCTools Site Guard"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll" ["PC Tools"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PCTools Browser Monitor"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office\OLKFSTUB.DLL" [MS]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " confapp.dll appstat.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> appmgr\DLLName = "appmgr32.dll" [null data]
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\kasia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\nature.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
  -> {HKLM...CLSID} = "PCTools Browser Monitor"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll" ["PC Tools"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.pcf.pl/

Missing lines (compared with English-language version):
[Strings]: 1 line

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
Usługa Odbiornik Media Center, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Usługa Planowanie nagrywania, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.

---------- (total run time: 39 seconds, including 5 seconds for message boxes)

The computer still keeps resetting. It is better, because at least I was able to install an antivirus, but only AVG let me install it. Norton won't install at all ("the Norton setup window doesn't even appear"); Panda IS 2007 let me install it, but after installation the computer restarted even while Windows was loading.
After every reset I get a message that the system has recovered from a serious error. When I click not to send this information to Microsoft, the window appears a few more times.
Maybe you have another idea what to do here, because believe me, a format here would be a catastrophe - this is our accountant's computer!
  • 0

#40 Maciej13

    SecurityMaster

  • 261 posts

Posted 11 02 2007 - 00:45

I recommend uninstalling Spyware Doctor.

Did you use WWDC?

Download KillBox,

Run the program in Safe Mode.

In the Full Path of File field paste:

C:\WINDOWS\system32\confapp.dll
C:\WINDOWS\system32\appstat.dll

Tick Delete on Reboot. Finally press X and restart the computer.

In Safe Mode, Start => Run => regedit => go to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows and delete the "AppInit_DLLs" entry. Then go to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and delete the appmgr entry.

O20 - Winlogon Notify: appmgr - C:\WINDOWS\SYSTEM32\appmgr32.dll


Scan the file shown in bold at -> http://virusscan.jotti.org and post the results on the forum!

New log from HJT and Silent Runners!
  • 0
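As an added example (not from this thread, HijackThis or Silent Runners), here is a small Python triage script for the load points that posts #38 and #40 walk through: it recovers individual entries from a HijackThis log whose line breaks were lost, as happened to the logs quoted above, and flags a populated AppInit_DLLs value, Winlogon Notify DLLs outside the XP baseline or marked missing, and Run values pointing at executables placed directly in the Windows directory. The sample log (built from entries quoted in the thread) and the XP Notify baseline set are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample built from entries quoted in this thread, run together as the forum left them.
SAMPLE_LOG = (
    "O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE"
    "O4 - HKLM\\..\\Run: [gemstrmw] C:\\WINDOWS\\system32\\gemstrmw.exe /r"
    'O4 - HKCU\\..\\Run: [WinMedia] "C:\\WINDOWS\\loader.9013671.exe "'
    "O4 - HKCU\\..\\Run: [sys32] C:\\WINDOWS\\alerter.exe"
    "O20 - AppInit_DLLs: e1.dll confapp.dll appstat.dll"
    "O20 - Winlogon Notify: appmgr - C:\\WINDOWS\\SYSTEM32\\appmgr32.dll"
    "O20 - Winlogon Notify: dsseds32 - C:\\WINDOWS\\system32\\dsseds32.dll (file missing)"
    "O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe"
)

# Assumed baseline: the DLLs Windows XP itself registers under Winlogon\Notify.
XP_NOTIFY_BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

# Each entry starts with "R<n> - " or "O<nn> - " plus a capital letter; split on that lookahead.
ENTRY_BOUNDARY = re.compile(r"(?=(?:R\d|O\d{1,2}) - [A-Z])")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: ?(?P<dlls>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*?)(?P<missing> \(file missing\))?$")

@dataclass
class Finding:
    entry: str
    reason: str

def split_entries(text: str) -> list[str]:
    """Recover individual HijackThis entries from a log whose line breaks were lost."""
    return [e.strip() for e in ENTRY_BOUNDARY.split(text.replace("\n", "")) if e.strip()]

def exe_path(cmd: str) -> str:
    """Return only the executable from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    return cmd[1:].split('"', 1)[0].strip() if cmd.startswith('"') else cmd.split(" ", 1)[0]

def review(text: str) -> list[Finding]:
    """Flag load points a reviewer would ask about. Findings are for review, not automatic
    deletion: Realtek's SOUNDMAN.EXE, for one, also lives directly in the Windows directory."""
    findings = []
    for entry in split_entries(text):
        if m := RUN_RE.match(entry):
            path = exe_path(m["cmd"])
            if re.fullmatch(r"(?i)[a-z]:\\windows\\[^\\]+", path):
                findings.append(Finding(entry, "executable placed directly in the Windows directory"))
            elif re.search(r"\d{5,}", path.split("\\")[-1]):
                findings.append(Finding(entry, "long digit run in executable name"))
        elif m := APPINIT_RE.match(entry):
            if m["dlls"].strip():  # the value is empty on a clean XP install
                findings.append(Finding(entry, "AppInit_DLLs is populated"))
        elif m := NOTIFY_RE.match(entry):
            dll = m["path"].split("\\")[-1].lower()
            if m["missing"] or dll not in XP_NOTIFY_BASELINE:
                findings.append(Finding(entry, "non-baseline or missing Winlogon Notify DLL"))
    return findings
```

Running `review(SAMPLE_LOG)` flags WinMedia, sys32, the AppInit_DLLs value and both Notify DLLs, while the SoundMan, gemstrmw and ATI entries pass; gemstrmw shows the limit of what the log alone can decide, which is why the thread also asks for a Jotti scan.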