Log, viruses in Java
Forum MKS > Other > Archive > mks_vir Forum > Viruses, logs to be checked
grafi
My antivirus detected these viruses:


Log:
Logfile of HijackThis v1.99.1
Scan saved at 22:14:24, on 2006-04-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\cSpeed NEt\cFosSpeed.exe
D:\Tlen\tlen.exe
C:\WINDOWS\services.exe
D:\Program Files\HACE\Mmm\Mmm.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\cSpeed NEt\spd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Patryk\USTAWI~1\Temp\Rar$EX00.567\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.142.40.82:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\a\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32upd] rundll32 "d:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cSpeed NEt\cFosSpeed.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Komunikator] "D:\Tlen\tlen.exe" --confdir=home
O4 - HKCU\..\Run: [nvmode] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Mmm] "d:\Program Files\HACE\Mmm\Mmm.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\a\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - D:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cSpeed NEt\spd.exe" -service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)



HELP!

edit LiseK: logs must be posted in quote tags, as stated in the forum rules
Bieniol
Turn off System Restore:
Control Panel --> System --> System Restore
There, check the option Turn off System Restore or Turn off System Restore on all drives. Confirm all changes.

Boot into Safe Mode:
When the computer restarts and the screen is still black, press the F8 key repeatedly and very quickly. The problem with the F8 method is hitting the key AT THE RIGHT MOMENT: on the black screen, but not too early (otherwise you get a keyboard error) and not too late (otherwise Windows loads in Normal mode). When the text menu appears, select: Safe Mode

Run HijackThis --> do a system scan only and check the entries:
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKCU\..\Run: [nvmode] C:\WINDOWS\services.exe

Then click "fix checked" at the bottom :)

Run the KillBox tool, check Delete on reboot, and paste this path into the full path of file field:
C:\WINDOWS\services.exe
Click X and restart the computer :)

If you no longer have ArcaVir, go to (in Safe Mode, of course):
Start --> Run --> services.msc --> stop and disable the ArcaVir Antivirus Monitor Service
Open HijackThis --> open misc tools section --> delete a NT service --> type ArcaVirMonitor and OK
Then run HijackThis and use it to remove the entry:
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - D:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)


Manually delete this folder from the disk:
D:\Program Files\ArcaBit

After these steps, post a new HijackThis log + a Silent Runners log (right mouse button --> save target as --> run it and wait until it says the log is finished) :)
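As an added illustration (not code from the thread, from HijackThis or from any of the posters), a small Python triage script that applies the two indicators Bieniol acts on above: an O4 Run entry whose executable carries a core Windows binary's name but lives outside system32 (C:\WINDOWS\services.exe, while the real services.exe is in system32), and O23 service entries marked "(file missing)" (the leftover ArcaVir monitor). The sample lines are excerpted from grafi's first log; the regular expressions and the list of system binary names are assumptions about the HijackThis v1.99 line format, not something the tool documents.

```python
"""Triage two HijackThis indicators acted on in this thread.

Indicator 1: an O4 (autostart) entry whose executable is named like a core
Windows binary but does not live in %SystemRoot%\\system32 (here the
"nvmode" entry launching C:\\WINDOWS\\services.exe).
Indicator 2: an O23 service entry HijackThis marks "(file missing)", i.e. a
registered service whose binary is gone (here the leftover ArcaVir monitor).
"""
import re

# Core Windows binaries that legitimately run only from system32.
# Assumed list for illustration, not part of HijackThis.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Assumed regexes for the HijackThis v1.99 O4 and O23 line formats.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def executable_of(cmd):
    """Return the executable path from a Run command line.

    Quoted commands end at the closing quote; unquoted ones may contain
    spaces (D:\\Program Files\\...), so take everything up to the first
    ".exe" and fall back to the first token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def is_masquerading_system_binary(path):
    """True when the file name is a core system binary but its directory
    is not system32 (a bare name with no directory is flagged as well)."""
    directory, _, base = path.lower().rpartition("\\")
    if base not in SYSTEM_BINARIES:
        return False
    return not directory.endswith("system32")


def triage(log_text):
    """Return (line, reason) pairs for every line matching an indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_masquerading_system_binary(exe):
                findings.append((line, "system binary name outside system32: " + exe))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            # Orphaned service: review before removing, since a vendor
            # leftover and a malware remnant look identical at this level.
            findings.append((line, "service registered but binary missing"))
    return findings


# Constructed sample: lines excerpted from grafi's first log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cSpeed NEt\cFosSpeed.exe
O4 - HKCU\..\Run: [Komunikator] "D:\Tlen\tlen.exe" --confdir=home
O4 - HKCU\..\Run: [nvmode] C:\WINDOWS\services.exe
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - D:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(reason)
        print("   ", line)
```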
grafi
Quote:
"Turn off System Restore:
Control Panel --> System --> System Restore
There, check the option Turn off System Restore or Turn off System Restore on all drives. Confirm all changes."

And what is that for? I don't want to mess anything serious up. Do I have to check it again later, or what?
grafi
Logfile of HijackThis v1.99.1
Scan saved at 23:34:37, on 2006-04-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\cSpeed NEt\cFosSpeed.exe
D:\Tlen\tlen.exe
D:\Program Files\HACE\Mmm\Mmm.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
D:\Program Files\GetRight\getright.exe
E:\Program Files\a\Reader\reader_sl.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\cSpeed NEt\spd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Patryk\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.142.40.82:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\a\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32upd] rundll32 "d:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cSpeed NEt\cFosSpeed.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Komunikator] "D:\Tlen\tlen.exe" --confdir=home
O4 - HKCU\..\Run: [Mmm] "d:\Program Files\HACE\Mmm\Mmm.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\a\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cSpeed NEt\spd.exe" -service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

and

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = ""D:\Tlen\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]
"Mmm" = ""d:\Program Files\HACE\Mmm\Mmm.exe"" [null data]
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"nod32upd" = "rundll32 "d:\Program Files\Eset\fc_upd.dll",NOD32Ioctl" [MS]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"SPAMfighter Agent" = ""D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60" ["SPAMfighter ApS"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"cFosSpeed" = "D:\Program Files\cSpeed NEt\cFosSpeed.exe" ["cFos Software GmbH"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\a\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
-> {HKLM...CLSID} = "Siemens Device"
\InProcServer32\(Default) = "D:\Program Files\mpm\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
-> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
\InProcServer32\(Default) = "D:\Program Files\mpm\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
-> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
\InProcServer32\(Default) = "D:\Program Files\mpm\DES\DESShellExt.dll" ["Siemens AG"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\a\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Patryk" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Patryk\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"22M WLAN Adapter" -> shortcut to: "C:\Program Files\22M WLAN Adapter\WLANMON.exe" [empty string]
"GetRight - Tray Icon" -> shortcut to: "D:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\a\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"hamachi" -> shortcut to: "D:\Program Files\Hamachi\hamachi.exe" ["Applied Networking"]


Enabled Scheduled Tasks:
------------------------

"mks_vir - Zadanie 0" -> WARNING -- The file "mks_vir - Zadanie 0.job" is corrupt! (no executable)
"ArcaVir - Zadanie 0" -> WARNING -- The file "ArcaVir - Zadanie 0.job" is corrupt! (no executable)


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

cFosSpeed System Service, cFosSpeedS, ""D:\Program Files\cSpeed NEt\spd.exe" -service" ["cFos Software GmbH"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 60 seconds, including 11 seconds for message boxes)


edit LiseK: logs must be posted in quote tags, as stated in the forum rules
Bieniol
The logs are clean now :)

If you turned off System Restore, you can turn it back on now :)
grafi
thx, and can you tell me what viruses I had in
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKCU\..\Run: [nvmode] C:\WINDOWS\services.exe
Bieniol
Trojan.W32.Sober :)
But it's gone now :)

To be sure, run an EWIDO scan after updating it :)
grafi
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 01:41:08, 2006-04-30
+ Report-Checksum: 77403079

+ Scan result:

C:\Program Files\ESET\infected\PNCNIGDA.NQF -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@gde.adocean[3].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Windows\Cookies\__________@gde.adocean[4].txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookiesnew.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Windows\Dane aplikacji\Mozilla\Firefox\Profiles\8egp8hg9.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@www.tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@my.adocean[1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@gde.adocean[3].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Patryk\Cookies\patryk@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
D:\Program Files\Tlen.pl\plugins\DozaKultury.tpl -> Adware.Doza : Cleaned with backup
D:\rozne II\[.haker.com.pl]GG-AntiGG_1.02.zip/AntiGG 1.02/antigg.exe -> Not-A-Virus.EmailFlooder.Win32.Delf.ah : Cleaned with backup
D:\rozne II\[.haker.com.pl]GG-AntiGG_1.02\AntiGG 1.02\antigg.exe -> Not-A-Virus.EmailFlooder.Win32.Delf.ah : Cleaned with backup


::Report End


edit LiseK: logs should be posted in quote tags, as stated in the forum rules
Bieniol
As you can see, EWIDO removed everything it found :)
What is the situation with those "viruses" now?
grafi
Clean, I think :)
Scan time: 2006-04-30 18:21:17

Scan log

NOD32 version 1.1514 (20060430) NT

Operating memory - is OK

date: 30.4.2006  time: 18:21:30

Scanned drives, folders and files: C:; D:; E:

C:\pagefile.sys - open error (Access denied) [4]
C:\hiberfil.sys - open error (Access denied) [4]
C:\WINDOWS\SYSTEM32\config\system.LOG - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\software.LOG - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\default.LOG - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SECURITY - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SAM - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SAM.LOG - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SYSTEM - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\SOFTWARE - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\config\DEFAULT - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - open error (File is locked) [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{8B48B550-3EFC-4898-837A-716CDE049F5C}.bin - open error (File is locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - open error (File is locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - open error (File is locked) [4]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\LocalService\NTUSER.DAT - open error (File is locked) [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - open error (File is locked) [4]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\Patryk\NTUSER.DAT - open error (File is locked) [4]
C:\Documents and Settings\Patryk\ntuser.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\ - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\đ   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\đ   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\đ   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\đ   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\Ó   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\Ó   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\Ó   vk - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\<  - open error [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Tlen.pl\Profiles\grafi1001\database.sai - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Tlen.pl\Profiles\grafi1001\db_index.sai - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Tlen.pl\Profiles\grafi1001\database.info - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Tlen.pl\Profiles\grafi1001\db_index.info - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Mozilla\Firefox\Profiles\uajev7n5.default\parent.lock - open error (File is locked) [4]

number of files scanned: 103919
number of viruses found: 0
finish time: 18:39:38 total scan time: 1088 sec (00:18:08)

Notes:
[4] The file cannot be opened. It is in use by another program.
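The "[4]" lines in the log above are files the scanner could not open, so "0 viruses found" says nothing about them. The script below is an added example, not part of the original post and not a NOD32 feature: it sorts such lines into files a running Windows XP always holds open itself (pagefile, hiberfil, registry hives, profile hives, the Firefox lock file), browser cache files that can simply be cleared and rescanned, and everything else, which deserves a look. The sample lines are constructed from the log above; "?" stands in for the unreadable cache filenames, and the D:\example\unknown.exe line is made up to exercise the last bucket.

```python
import re

# Constructed sample: open-error lines based on the NOD32 log posted above
# ("?" replaces the unreadable cache filenames); the D:\example\... line is
# made up to exercise the "unexpected" bucket.
SAMPLE_NOD32 = r"""
C:\pagefile.sys - open error (Access denied) [4]
C:\hiberfil.sys - open error (Access denied) [4]
C:\WINDOWS\SYSTEM32\config\SAM - open error (File is locked) [4]
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log - open error (File is locked) [4]
C:\Documents and Settings\Patryk\NTUSER.DAT - open error (File is locked) [4]
C:\Documents and Settings\Patryk\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LEVG9UB\? - open error [4]
C:\Documents and Settings\Patryk\Dane aplikacji\Mozilla\Firefox\Profiles\uajev7n5.default\parent.lock - open error (File is locked) [4]
D:\example\unknown.exe - open error (File is locked) [4]
"""

# Files that a booted Windows XP keeps open itself; an on-demand scanner
# cannot read them from inside the running system, only from Safe Mode or
# an offline scan.
ALWAYS_IN_USE = re.compile(
    r"(\\pagefile\.sys$|\\hiberfil\.sys$"
    r"|\\system32\\config\\(SAM|SECURITY|SYSTEM|SOFTWARE|DEFAULT|\w+\.LOG)$"
    r"|\\CatRoot2\\(tmp\.edb|edb\.log)$"
    r"|\\NTUSER\.DAT(\.LOG)?$|\\UsrClass\.dat(\.LOG)?$"
    r"|\\parent\.lock$)",
    re.IGNORECASE,
)

# Browser and temp caches: nothing to analyse, clear them and rescan.
CACHE = re.compile(r"\\(Temporary Internet Files|Temp)\\", re.IGNORECASE)

# "<path> - open error (<reason>) [4]"; the reason part is optional, as in
# the cache lines of the log above.
OPEN_ERROR = re.compile(r"^(?P<path>.+?) - open error(?: \((?P<reason>[^)]*)\))? \[4\]$")


def classify_open_errors(text):
    """Return {"expected": [...], "cache": [...], "unexpected": [...]} of paths."""
    buckets = {"expected": [], "cache": [], "unexpected": []}
    for line in text.strip().splitlines():
        m = OPEN_ERROR.match(line.strip())
        if not m:
            continue  # not an open-error line
        path = m.group("path")
        if ALWAYS_IN_USE.search(path):
            buckets["expected"].append(path)
        elif CACHE.search(path):
            buckets["cache"].append(path)
        else:
            buckets["unexpected"].append(path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in classify_open_errors(SAMPLE_NOD32).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Files held open by a running application, such as the Tlen.pl profile database in the log, land in the "unexpected" bucket; closing the program or scanning from Safe Mode gets them covered, which is also why the thread's advice to clear the cache folders from Safe Mode works where the normal boot does not.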
Bieniol
Clean the registry (I recommend RegCleaner 4.3.0.780 for this)

Empty TEMP and Temporary Internet Files (in Safe Mode):
Start --> Run --> cmd

RD /S /Q "C:\Documents and Settings\Your account name\Ustawienia lokalne\Temporary Internet Files"


RD /S /Q "C:\Documents and Settings\Your account name\Ustawienia lokalne\Temp"
grafi

Judging by the screenshots, it looks like nothing was deleted.

I cleaned the registry :).
Bieniol
In that case clean those two folders by hand :)
grafi

Darn, it won't work.
Bieniol
Did you try it in Safe Mode?
grafi
No, but I'll try in a moment
grafi
OK, in Safe Mode it deleted them ;]
Bieniol
I hope everything is fine now?
grafi
So far yes, if anything comes up I'll write
grafi
Lately my computer has been sluggish, and some new junk has shown up among the processes, so I'm pasting the logs:

Logfile of HijackThis v1.99.1
Scan saved at 13:12:23, on 2006-07-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\SPAMfighter\SFAgent.exe
D:\Program Files\cfosSpeed\cFosSpeed.exe
D:\PROGRA~2\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
D:\Program Files\cfosSpeed\spd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Patryk\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.142.40.82:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32upd] rundll32 "d:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cfosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Komunikator] D:\Tlen\tlen.exe
O4 - HKCU\..\Run: [Spamihilator] "d:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~2\MyPortal\Speed-X\SpeedX.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cfosSpeed\spd.exe" -service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "D:\Tlen\tlen.exe" ["o2.pl Sp. z o.o."]
"SpeedX" = "D:\PROGRA~2\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"nod32upd" = "rundll32 "d:\Program Files\Eset\fc_upd.dll",NOD32Ioctl" [MS]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SPAMfighter Agent" = ""D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60" ["SPAMfighter ApS"]
"cFosSpeed" = "D:\Program Files\cfosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\a\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Patryk" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"22M WLAN Adapter" -> shortcut to: "C:\Program Files\22M WLAN Adapter\WLANMON.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"mks_vir - Zadanie 0" -> WARNING -- The file "mks_vir - Zadanie 0.job" is corrupt! (no executable)
"ArcaVir - Zadanie 0" -> WARNING -- The file "ArcaVir - Zadanie 0.job" is corrupt! (no executable)


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

cFosSpeed System Service, cFosSpeedS, ""D:\Program Files\cfosSpeed\spd.exe" -service" ["cFos Software GmbH"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 64 seconds, including 5 seconds for message boxes)
Troy
logs clean,

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


this entry means that an error and a memory dump occurred on your machine; you can stop it from appearing by:

Control Panel >>> System >>> Advanced >>> Startup and Recovery >>> open Settings >>> in the Write debugging information section set it to (none)

Clean the registry, e.g. with jv16 PowerTools 1.3.0.195, defragment, e.g. with Diskeeper Lite 7.0, clear the browser cache and the temporary files folder, e.g. with CCleaner.
Start >>> Run >>> msconfig >>> Startup tab >>> untick unnecessary items in autostart
Have a look at Optymalizacja XP.
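An added example, not from the original post and not a HijackThis feature: a small triage script that applies the checks a log reviewer runs in their head to entries from the logs in this thread. It flags a user-level proxy pointing outside the local network, a BHO whose DLL is gone, the KernelFaultCheck entry Troy explains above, DNS servers outside private ranges, and a service whose binary is missing. The sample entries are copied from the logs posted above; the rules and their wording are the example author's choice.

```python
import ipaddress
import re

# Constructed sample: entries copied from the HijackThis logs posted in this
# thread (one of each line type that the rules below look at).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.142.40.82:80
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{376009E2-3533-4714-836E-2CBFC4A20AD6}: NameServer = 10.254.0.254,194.204.159.1
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cfosSpeed\spd.exe" -service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# HijackThis entries look like "O4 - <body>": a letter, one or two digits, " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (kind, body) pairs, ignoring non-entry lines."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def is_internal(host):
    """True for loopback, RFC 1918 and link-local addresses; False for public IPs and names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: treat as "go and check"
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(entries):
    """Return (kind, note) pairs for entries that deserve a second look."""
    findings = []
    for kind, body in entries:
        if kind == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            host = value.split(":", 1)[0]
            # An empty value ("ProxyServer = :") means no proxy; skip it.
            if host and not is_internal(host):
                findings.append((kind, "proxy set to a non-local host, confirm it was configured on purpose: " + value))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append((kind, "BHO registration whose DLL is gone (harmless, remove): " + body))
        elif kind == "O4" and "dumprep" in body:
            findings.append((kind, "KernelFaultCheck appears after a crash dump; look up the error in Event Viewer"))
        elif kind == "O17":
            servers = [s.strip() for s in body.split("=", 1)[1].split(",")]
            public = [s for s in servers if not is_internal(s)]
            if public:
                findings.append((kind, "DNS servers outside private ranges, verify they are your ISP's: " + ", ".join(public)))
        elif kind == "O23" and "(file missing)" in body:
            findings.append((kind, "service registered but its binary is missing: " + body))
    return findings


if __name__ == "__main__":
    for kind, note in triage(parse_hjt(SAMPLE_HJT)):
        print(f"{kind:4} {note}")
```

Everything the script reports is a prompt to verify, not a verdict: a public DNS server is normally just the ISP's resolver, and an empty proxy value such as the `ProxyServer = :` in the later log produces no finding at all.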
grafi
Lately my computer has been restarting :( I bought a new Sagem 80 GB hard drive but for 4 days nothing happened.
Logfile of HijackThis v1.99.1
Scan saved at 17:26:14, on 2006-09-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RunDll32.exe
H:\Program Files\winpatrol\winpatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tlen.pl\tlen.exe
D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
C:\Program Files\GetRight\getright.exe
d:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
D:\Getright\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\winpatrol\winpatrol.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69A0B65-C243-4FEB-A36A-D7DCA84F0A1D}: NameServer = 80.48.241.253,194.204.159.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - d:\Program Files\Eset\nod32krn.exe


"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]
"SpeedX" = "D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"WinPatrol" = "H:\Program Files\winpatrol\winpatrol.exe" ["BillP Studios"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"nod32kui" = ""d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}" = "Wyślij na Fotosik.pl"
  -> {HKLM...CLSID} = "Wyślij na Fotosik.pl"
                   \InProcServer32\(Default) = "d:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "d:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "d:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}\(Default) = "{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}"
  -> {HKLM...CLSID} = "Wyślij na Fotosik.pl"
                   \InProcServer32\(Default) = "d:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "d:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Startup items in "Dom" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"22M WLAN Adapter" -> shortcut to: "C:\Program Files\22M WLAN Adapter\WLANMON.exe" [empty string]
"GetRight - Tray Icon" -> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
NOD32 Kernel Service, NOD32krn, ""d:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 42 seconds, including 4 seconds for message boxes)
Bieniol
Cosmetically, these entries can be removed:
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)


Open the Event Viewer:
Start --> Run --> eventvwr and check whether you have any errors marked in red; if there are, post screenshots of them :)
:arrow: How to post a screenshot?
Troy
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

It would be better if he copied the error description to the clipboard and pasted it here; nobody is going to retype it from a screenshot. More to the point: Debugger Windows. Lekarstwo Na Blue Screen I Resety (Windows Debugger: a cure for blue screens and resets) + paste the debugger report.