Problem with iexplore.exe
#1
Posted 11 12 2007 - 19:55
#2
Posted 11 12 2007 - 21:03
#3
Posted 11 12 2007 - 21:06
#4
Posted 11 12 2007 - 21:10
you uncheck Internet Explorer
next, next, next...
and IE is gone
#5
Posted 11 12 2007 - 21:11
Post a log from HJT.
#6
Posted 11 12 2007 - 21:15
#8
Posted 11 12 2007 - 21:57
Scan saved at 20:33:58, on 2007-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\OmniPageSE4.0\OpwareSE4.exe
C:\windows\system32\ctfmon.exe
D:\Pogoda\pogoda.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
d:\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Gadu-Gadu\gg.exe
d:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SSBkg[beeep]date] "C:\Program Files\Common Files\Scansoft Shared\SSBkg[beeep]date\SSBkg[beeep]date.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tray] D:\Pogoda\pogoda.exe /tray
O4 - HKCU\..\Run: [Uniblue Spee[beeep]MyPC] d:\Spee[beeep]MyPC 3\Spee[beeep]MyPC.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5924E53-C833-40A0-B7CD-FE0052F9C1D8}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 5613 bytes
And what next?
#9
Posted 11 12 2007 - 22:49
O4 - HKCU\..\Run: [Uniblue Spee[beeep]MyPC] d:\Spee[beeep]MyPC 3\Spee[beeep]MyPC.exe -s
Additionally, download Killbox to delete the file below:
d:\Spee[beeep]MyPC 3\Spee[beeep]MyPC.exe -s
Instructions for Killbox:
1. After installing it, launch it.
2. Once it is running, click the icon to the right of the hand to locate the file above.
3. Once you find it, press fire (the red button to the right of the hand).
After doing that, post new ComboFix + HJT logs.
#10
Posted 11 12 2007 - 23:04
Scan saved at 22:16:43, on 2007-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\OmniPageSE4.0\OpwareSE4.exe
C:\windows\system32\ctfmon.exe
D:\Pogoda\pogoda.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
d:\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Gadu-Gadu\gg.exe
C:\ComboFix\nircmd.cfexe
D:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SSBkg[beeep]date] "C:\Program Files\Common Files\Scansoft Shared\SSBkg[beeep]date\SSBkg[beeep]date.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tray] D:\Pogoda\pogoda.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint ? Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint ? Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint ? Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint ? Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5924E53-C833-40A0-B7CD-FE0052F9C1D8}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 5562 bytes
And I can't figure out how to use this ComboFix. After I start it, a blue window appears and then nothing...
#11
Posted 11 12 2007 - 23:08
#12
Posted 11 12 2007 - 23:15
#13
Posted 11 12 2007 - 23:37
It is possible that ComboFix will restart the computer in order to remove something, so don't panic if that happens.
#14
Posted 11 12 2007 - 23:38
#15
Posted 11 12 2007 - 23:47
In that case, download Deckard's System Scanner and scan the system with it. Post both logs from it.
#16
Posted 12 12 2007 - 15:00
Run by Michał on 2007-12-12 14:10:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
14: 2007-12-12 13:10:37 UTC - RP120 - Deckard's System Scanner Restore Point
13: 2007-12-12 13:02:21 UTC - RP119 - Punkt kontrolny systemu
12: 2007-12-11 07:24:42 UTC - RP118 - Punkt kontrolny systemu
11: 2007-12-09 20:33:16 UTC - RP117 - Punkt kontrolny systemu
10: 2007-12-08 19:47:29 UTC - RP116 - Zainstalowano: Adobe Reader 6.0.2 CE
-- First Restore Point --
1: 2007-12-05 14:28:33 UTC - RP107 - Installed InstallScriptMSIEngine
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.25 GiB (less than 15%) free.
-- HijackThis (run as Michał.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:59, on 2007-12-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\OmniPageSE4.0\OpwareSE4.exe
C:\windows\system32\ctfmon.exe
D:\Pogoda\pogoda.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
d:\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
\?\C:\windows\system32\WBEM\WMIADAP.EXE
H:\dss.exe
D:\HIJACK~1\Michał.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SSBkg[beeep]date] "C:\Program Files\Common Files\Scansoft Shared\SSBkg[beeep]date\SSBkg[beeep]date.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [NBJ] "D:\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tray] D:\Pogoda\pogoda.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5924E53-C833-40A0-B7CD-FE0052F9C1D8}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 5510 bytes
-- HijackThis Fixed Entries (D:\HIJACK~1\backups\) -----------------------------
backup-20071211-220930-528 O4 - HKCU\..\Run: [Uniblue Spee[beeep]MyPC] d:\Spee[beeep]MyPC 3\Spee[beeep]MyPC.exe -s
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 StarWindServiceAE (StarWind AE Service) - d:\alcohol 52\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
S4 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
S4 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
S4 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler pamięci PCI
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: Kontroler pamięci PCI
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&00
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler magistrali zarządzania systemem
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: Kontroler magistrali zarządzania systemem
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Service:
Class GUID:
Description: USB Device
Device ID: USB\VID_046D&PID_08D7&MI_00\6&39FAB9F5&0&0000
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_046D&PID_08D7&MI_00\6&39FAB9F5&0&0000
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Inne urządzenia typu mostek PCI
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Manufacturer:
Name: Inne urządzenia typu mostek PCI
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-12-11 20:03:11 228 --a------ C:\windows\Tasks\Uniblue Spee[beeep]MyPC Nag.job
2007-12-11 20:03:09 306 --a------ C:\windows\Tasks\Uniblue Spee[beeep]MyPC.job
-- Files created between 2007-11-12 and 2007-12-12 -----------------------------
2007-12-11 22:10:55 0 d-------- C:\!KillBox
2007-12-09 11:18:03 0 d-------- C:\windows\pss
2007-12-08 20:47:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-08 20:43:43 0 d-------- C:\windows\Cache
-- Find3M Report ---------------------------------------------------------------
2007-12-12 14:07:09 448348 --a------ C:\windows\system32\perfh015.dat
2007-12-12 14:07:09 74450 --a------ C:\windows\system32\perfc015.dat
2007-12-12 14:05:58 0 d-------- C:\Program Files\Neostrada TP
2007-12-11 20:03:23 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Uniblue
2007-12-08 21:11:11 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Adobe
2007-12-08 20:47:33 0 d-------- C:\Program Files\Common Files
2007-12-05 15:39:43 0 dr-h----- C:\Documents and Settings\Michał\Dane aplikacji\SecuROM
2007-11-29 16:13:38 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Hamachi
2007-11-28 11:26:19 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Ahead
2007-11-03 17:23:04 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Help
2007-11-01 10:16:43 4990 --a------ C:\windows\mozver.dat
2007-10-12 20:20:06 0 d-------- C:\Program Files\DivX
2007-09-19 22:20:05 335 --a------ C:\windows\mozregistry.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 20:07]
"nwiz"="nwiz.exe" [2005-07-20 20:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 20:07]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2005-03-21 09:09]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 17:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 17:07]
"SSBkg[beeep]date"="C:\Program Files\Common Files\Scansoft Shared\SSBkg[beeep]date\SSBkg[beeep]date.exe" [2003-09-29 23:14]
"OpwareSE4"="D:\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 11:31 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 13:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-02 20:40]
"AlcoholAutomount"="d:\Alcohol 52\axcmd.exe" [2007-07-02 11:22]
"NBJ"="D:\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 15:10]
"tray"="D:\Pogoda\pogoda.exe" [2006-07-22 12:30]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-05 16:21:24]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-09-05 16:19:34]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2110043-4042-11db-a6c6-806d6172696f}]
AutoRun\command- I:\Autorun.exe
*Newly Created Service* - WMIAPSRV
-- End of Deckard's System Scanner: finished at 2007-12-12 14:11:29 ------------
#17
Posted 13 12 2007 - 11:13
Beagle.
Delete the file c:\windows\system32\drivers\srosa.sys, either with some Killbox-type tool or from the Recovery Console.
Safe Mode: your entries are damaged. Do as described here: /Problem-z-insta...usa-t13896/
I also still don't like these:
C:\windows\Tasks\Uniblue Spee[beeep]MyPC Nag.job
C:\windows\Tasks\Uniblue Spee[beeep]MyPC.job
Delete these tasks from the Task Scheduler (Start -> Programs -> System Tools -> Scheduled Tasks) if you don't recognize them.