Problem with launching some applications

I have a problem. I recently installed some program, and before installing I scanned it with Avast (it found nothing). After the installation and a restart of the computer I noticed that Avast did not start in the background, and it would not start from the icon either (reinstalling did not help). Besides that, "System Restore", "Help and Support" and a lot of other Windows things won't start... When I go into Search, that little dog runs up and nothing more happens. A lot of programs won't start. Also, I was downloading system updates when I restarted the computer after the installation. I think it is either some virus from that program, or the fact that I interrupted those updates. I have been using Windows XP for 3 months and I don't know it fully yet. Please help: what could have happened, and how do I fix it?

Replies: 13

It only worked with Killbox; unfortunately nothing changed, I restarted the computer and still nothing.
maciieq
Posted
13.09.2007 22:40:29
I don't have that virus. That little program helped :d/ Nothing would delete for me, but while I was making the logs the computer restarted and the virus got removed :mryellow: Thanks a lot, I'll ask if anything comes up :lol:
Bombasarkadian
Posted
13.09.2007 22:26:34
Open it?? Turn on showing hidden files and enable showing files protected by the system in Folder Options -> View. And if that doesn't work, remove it with Killbox.
Żółty
Posted
13.09.2007 22:19:53
I fixed those 3 entries, but I have a problem with that file, because nothing can be done with it: Windows doesn't see it, it can be opened by typing the path into the address bar, but it can't be modified or deleted in any way. I tried from cmd, but it can't be deleted there either, only opened :( So far it hasn't helped yet.
maciieq
Posted
13.09.2007 22:03:05
maciieq - fix these in HijackThis
[quote]
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
[/quote]
Delete the file C:\WINDOWS\system32\eecaaecf0_g.dll
Did it get better??

Bombasarkadian - here -> [url]http://wirusy.antivirenkit.pl/pl/opis/Email-Worm.Win32.Bagle.eh.html[/url] you have a description of what (as you say) you have - check for the presence of the files and delete them if they are there. If not, then you post logs too - Silent Runners and ComboFix.
Żółty
Posted
13.09.2007 21:25:14
Avast isn't working for me because I probably have a virus that deletes its files (Email-Worm.Win32.Bagle.eh). The computer needs to be scanned :-#
Bombasarkadian
Posted
13.09.2007 21:21:20
SmitFraudFix log
ComboFix log
HijackThis log
And the last log - Silent Runners
maciieq
Posted
13.09.2007 20:51:51
Thanks a lot :mryellow: All the Windows things work, and I'll check Avast in a moment :rolleyes: And just out of curiosity, why didn't it want to work??
Bombasarkadian
Posted
13.09.2007 20:28:38
Bombasarkadian - the log doesn't show:
1. Running Avast processes
2. Avast entries in the Run keys, which should be there.
But no junk is visible either. Check whether the commands
[quote]
regsvr32 vbscript.dll
regsvr32 jscript.dll
[/quote]
typed into Start -> Run improve the operation of the strictly Windows things (such as System Restore, Help, etc.). As for Avast, try uninstalling it completely, additionally use this -> [url]http://www.avast.com/eng/avast-uninstall-utility.html[/url] and install it again.

maciieq - you, on the other hand, download [url=http://cybertrash.pl/images/tata/Smitfraudfix/SmitFraudFix.html]SmitfraudFix[/url], unpack it, boot into safe mode and use option 2 - Clean. After the job I want to see your logs - HijackThis, SilentRunners, ComboFix and the removal report generated by SmitfraudFix.
Żółty
Posted
13.09.2007 20:11:32
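The two checks applied to the HijackThis logs in this thread (entries whose target is reported as "(no file)", and whether the antivirus appears among the running processes or the Run-key autostarts) can be scripted. This is an added example, not part of the original posts; the sample log is constructed in HijackThis v2 format from entries quoted in the thread, and the `avast`/`alwil` path markers are assumptions about how the product's paths are named.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format, modelled on entries quoted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:44, on 2007-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""

# "O2 - ...", "R0 - ...", "O22 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class HijackThisLog:
    processes: list = field(default_factory=list)  # full paths of running processes
    entries: list = field(default_factory=list)    # (code, body) tuples


def parse_log(text):
    """Split a HijackThis log into its process list and its coded entries."""
    log = HijackThisLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first coded entry
            log.entries.append((m.group(1), m.group(2)))
        elif in_processes:
            log.processes.append(line)
    return log


def orphaned_entries(log):
    """Entries whose registry value still exists but whose target file is missing."""
    return [(code, body) for code, body in log.entries if body.endswith("(no file)")]


def run_entries(log):
    """Run-key autostarts (section O4) as (key, value name, command line)."""
    out = []
    for code, body in log.entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            out.append((m["key"], m["name"], m["cmd"]))
    return out


def product_present(log, markers):
    """True if any marker substring occurs in a process path or Run command."""
    haystack = log.processes + [cmd for _, _, cmd in run_entries(log)]
    return any(mk.lower() in item.lower() for item in haystack for mk in markers)


def triage(text, markers=("avast", "alwil")):  # markers are assumed path substrings
    log = parse_log(text)
    return {
        "process_count": len(log.processes),
        "orphaned": [code for code, _ in orphaned_entries(log)],
        "autostart_names": [name for _, name, _ in run_entries(log)],
        "product_present": product_present(log, markers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```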
And this is my log :)
maciieq
Posted
13.09.2007 20:04:04
HijackThis log
[quote]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:01, on 2007-09-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 4420 bytes
[/quote]
Bombasarkadian
Posted
13.09.2007 19:39:20
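Added example, not part of the original thread: both logs above contain items that HijackThis marks "(no file)" or "(file missing)", and a forum paste often runs the items together. The Python below splits a pasted HijackThis log back into items and lists the ones whose target file is missing; the function names and the short section labels are chosen for this example, and the sample is an excerpt assembled from the two logs.

```python
import re

# Excerpt assembled from the two HijackThis logs in this thread, flattened the
# way a forum paste often arrives (items run together, one path wrapped).
SAMPLE = (
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank "
    r"O2 - BHO: (no name) - AutorunsDisabled - (no file) "
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file) "
    "O23 - Service: avast! Antivirus - Unknown owner - C:\\Program\n"
    r"Files\Alwil Software\Avast4\ashServ.exe (file missing) "
    r"O24 - Desktop Component AutorunsDisabled: (no name) - (no file) "
    "-- End of file - 4410 bytes"
)

ITEM_START = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")  # whitespace before "R0 - ", "O4 - ", ...
ITEM = re.compile(r"^([RFNO]\d{1,2}) - (.+)$", re.S)
MISSING = re.compile(r"\((?:no file|file missing)\)$")
# Short labels for the item codes that appear in this thread (example's own wording).
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O9": "IE extra button/menu item", "O22": "SharedTaskScheduler",
            "O23": "service", "O24": "Active Desktop component"}

def parse(log_text):
    """Split a HijackThis log, flattened or not, into (code, body) items."""
    text = re.split(r"\s*-- End of file", log_text)[0]
    items = []
    for chunk in ITEM_START.split(text):
        m = ITEM.match(chunk.strip())
        if m:  # the header and the process list do not start with an item code
            items.append((m.group(1), " ".join(m.group(2).split())))
    return items

def orphaned(items):
    """Items whose target file HijackThis could not find on disk."""
    return [(code, SECTIONS.get(code, "other"), body)
            for code, body in items if MISSING.search(body)]

if __name__ == "__main__":
    for code, kind, body in orphaned(parse(SAMPLE)):
        print(f"{code:<4}{kind:<28}{body}")
```

An item marked this way is a registry reference to a file that is no longer on disk; it shows that a leftover exists, not what left it there.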
Show the HijackThis log. Because it could be something like Jeefo, for example.
Żółty
Posted
13.09.2007 19:15:24
Hello, I have a similar problem, so I'll add mine here :) I have WinXP Media Center, and for some time now some programs have simply stopped starting, just like that. The worst problem became a graphics program: every attempt to start it ended with the display being switched to 8-bit colour and the program not starting, and now it doesn't start at all. After being launched, the programs that won't start are visible in the process list for a minute and then disappear. I tried defragmentation and cleaning the registry, and nothing. Is anyone here able to tell me what might be wrong? :) Regards :)
maciieq
Posted
13.09.2007 19:12:57
Bombasarkadian
Posted:
12.09.2007 20:40:12
Comments:
13