nie moźna nic uruchomic, proszę o pomoc
Nie mam pojęcia co się stało z moim komputerem. Skróty do aplikacji z pulpitu wyświetlają się z rozszerzeniem .lnk (czego wcześniej nie było).
Mało tego – system nie wie jak je otwworzyć i wyrzuca mi "otwieranie za pomocą..." Tak jest z większością aplikacji, np: z poleceniami typu: regedit, sfc, msconfig....
Poza tym nie moźna otworzyć narzędzi administracyjnych: podgląd zdarzeń, itd. bo znów napotyka ten sam problem. Skanowałam system antywirusem i znalazł jakiegoś trojana, którego usunął( jpdnssec6.exe w katalogu windows/system32)Sprawdziłam juź go tam nie ma.
Nie moźliwe jest korzystanie z funkcji "Wyszukaj"
Logfile of HijackThis v1.99.1
Scan saved at 22:51:51, on 2005–06–10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\system32\ie2cltr.dll (file missing)
O2 – BHO: (no name) – {30190E0A–1399–12EC–0CD7–211CCC9919A4} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {817103B8–F49D–E281–170A–AF4346D90CA7} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD–AWA~1\Ad–Watch.exe"
O4 – Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 – Extra context menu item: &Google Search – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: Interface Chat Wanadoo – http://chat7.x–echo.com/version5/Applet/wchatsign.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100120052832
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} (Google Activate) – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{2EE0E428–D3C4–404A–B808–73A806900A9A}: NameServer = 69.50.176.156 195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{5520E192–B71B–4A32–8318–A18E55383538}: NameServer = 69.50.176.156,195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{7719E020–CF1E–4F85–9193–5C6CA0EA10FC}: NameServer = 69.50.176.156,195.225.176.31
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O20 – Winlogon Notify: MCPClient – C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Dodam jeszcze źe z autostartu nic się nie uruchamia.
Mało tego – system nie wie jak je otwworzyć i wyrzuca mi "otwieranie za pomocą..." Tak jest z większością aplikacji, np: z poleceniami typu: regedit, sfc, msconfig....
Poza tym nie moźna otworzyć narzędzi administracyjnych: podgląd zdarzeń, itd. bo znów napotyka ten sam problem. Skanowałam system antywirusem i znalazł jakiegoś trojana, którego usunął( jpdnssec6.exe w katalogu windows/system32)Sprawdziłam juź go tam nie ma.
Nie moźliwe jest korzystanie z funkcji "Wyszukaj"
Logfile of HijackThis v1.99.1
Scan saved at 22:51:51, on 2005–06–10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\system32\ie2cltr.dll (file missing)
O2 – BHO: (no name) – {30190E0A–1399–12EC–0CD7–211CCC9919A4} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {817103B8–F49D–E281–170A–AF4346D90CA7} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD–AWA~1\Ad–Watch.exe"
O4 – Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 – Extra context menu item: &Google Search – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: Interface Chat Wanadoo – http://chat7.x–echo.com/version5/Applet/wchatsign.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100120052832
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} (Google Activate) – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{2EE0E428–D3C4–404A–B808–73A806900A9A}: NameServer = 69.50.176.156 195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{5520E192–B71B–4A32–8318–A18E55383538}: NameServer = 69.50.176.156,195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{7719E020–CF1E–4F85–9193–5C6CA0EA10FC}: NameServer = 69.50.176.156,195.225.176.31
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O20 – Winlogon Notify: MCPClient – C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Dodam jeszcze źe z autostartu nic się nie uruchamia.
Odpowiedzi: 1
Spróbuj ściągnąć ten plik i dodać go do rejestru.
Po wszystkim uruchom system ponownie i powiedz co i jak.
Z loga wylatuje:
Te DNSy mi nie pasują:
Przekonfiguruj sieć, bo chyba masz neostrade z tego co widze, a od niej są inne adresy.
Dodatkowo prosze o log z programu Silent Runners >> www.silentrunners.org
Tą restrykcje zrobił IMO SpyBot więc zostaje:
Po wszystkim uruchom system ponownie i powiedz co i jak.
Z loga wylatuje:
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\system32\ie2cltr.dll (file missing)
O2 – BHO: (no name) – {30190E0A–1399–12EC–0CD7–211CCC9919A4} – (no file)
O2 – BHO: (no name) – {817103B8–F49D–E281–170A–AF4346D90CA7} – (no file
)O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
Te DNSy mi nie pasują:
O17 – HKLM\System\CCS\Services\Tcpip\..\{2EE0E428–D3C4–404A–B808–73A806900A9A}: NameServer = 69.50.176.156 195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{5520E192–B71B–4A32–8318–A18E55383538}: NameServer = 69.50.176.156,195.225.176.31
O17 – HKLM\System\CCS\Services\Tcpip\..\{7719E020–CF1E–4F85–9193–5C6CA0EA10FC}: NameServer = 69.50.176.156,195.225.176.31
Przekonfiguruj sieć, bo chyba masz neostrade z tego co widze, a od niej są inne adresy.
Dodatkowo prosze o log z programu Silent Runners >> www.silentrunners.org
Tą restrykcje zrobił IMO SpyBot więc zostaje:
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
