Louis555
(Stach Kk)
14 September 2006 13:29
#1
Hello, I'm a new user and I have a problem: my computer restarts by itself, sometimes every 2 hours, sometimes every hour. When I'm, for example, browsing the internet, watching a film or playing a game, every so often the desktop appears (minimizing the running tasks) and then the computer freezes.
Here is the log:
Please help!
adam9870
(adam9870)
14 September 2006 13:38
#2
Please check in Add/Remove Programs whether MyWebSearch is there. If so, uninstall it.
Remove: (you do all of this, of course, in Safe Mode with System Restore turned off)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {8036D4D7-AAD3-4793-AB49-329E437155A8} - (no file)
O3 - Toolbar: (no name) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … jhtml?p=ZN
Delete the marked files and folders from the disk manually, and the entries in HijackThis.
A computer restarting can be caused by a great many things, such as:
etc. The topic has been discussed many times on the forum, so I suggest using the forum search. To start with, please show me the temperatures, say what hardware you have and what you are doing when it resets, whether any errors appear, etc.
http://forum.dobreprogramy.pl/viewtopic.php?t=88838
After doing the above, post a new log from HijackThis plus one from SilentRunners.
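The selection made in the reply above can be cross-checked mechanically. The following is an added example, not part of the original post and not HijackThis code: it splits a log whose line breaks were lost into entries, then flags entries that point into a named folder (including the 8.3 short form such as `MYWEBS~1`) or at a missing file. The function names and the folder parameter are assumptions; the sample entries are taken from this thread's HijackThis output.

```python
import re

# A HijackThis entry starts with a section code such as R0, R3, O2, O4 or O23.
CODE = r"(?:R[0-3]|O\d{1,2}) - "
ENTRY_START = re.compile(r"(?<!\S)(?=" + CODE + ")")


def split_entries(flat_log):
    """Recover one entry per item from a log whose line breaks were lost."""
    chunks = (c.strip() for c in ENTRY_START.split(flat_log))
    # Anything that does not begin with a section code (header, process
    # list) is dropped.
    return [c for c in chunks if re.match(CODE, c)]


def short_name_could_be(component, long_name):
    """True if an 8.3 component like MYWEBS~1 is consistent with long_name.

    Heuristic: the usual short form is the first six characters of the long
    name (spaces and dots dropped, upper-cased) plus ~digit. Another folder
    with the same prefix gives the same form, so a hit is only a candidate.
    """
    m = re.fullmatch(r"([^~]{1,6})~\d", component)
    if not m:
        return False
    squeezed = re.sub(r"[ .]", "", long_name).upper()
    return m.group(1).upper() == squeezed[:6]


def triage(flat_log, folder):
    """Return (section code, reasons) for every entry worth a second look."""
    findings = []
    for entry in split_entries(flat_log):
        reasons = []
        if entry.endswith("(no file)"):
            reasons.append("target file missing")
        for part in entry.split("\\"):
            if part.lower() == folder.lower():
                reasons.append("path under " + folder)
                break
            if short_name_could_be(part, folder):
                reasons.append("8.3 name may be " + folder + " (verify on disk)")
                break
        if reasons:
            findings.append((entry.split(" - ", 1)[0], reasons))
    return findings


# Sample input: a header plus six entries from this thread, joined onto one
# line the way the forum software flattened the original log.
SAMPLE = " ".join([
    "Logfile of HijackThis v1.99.1",
    r"R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85}"
    r" - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL",
    r"O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA}"
    r" - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL",
    r"O2 - BHO: (no name) - {8036D4D7-AAD3-4793-AB49-329E437155A8} - (no file)",
    r"O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3}"
    r" - D:\Programy\FlashGet\fgiebar.dll",
    r"O4 - HKLM…\Run: [My Web Search Bar] rundll32"
    r" C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S",
    r"O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
])

if __name__ == "__main__":
    for code, reasons in triage(SAMPLE, "MyWebSearch"):
        print(code, "; ".join(reasons))
```

A plain substring search for `MyWebSearch` would miss the `O4` Run entry, because that path is written with short names only.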
Louis555
(Stach Kk)
14 September 2006 13:55
#3
A problem has come up because I can't delete the MyWebSearch folder. No active process is associated with this folder and I am the computer's administrator. Yet the message “Access denied” appears!
Myszak
(Myszonus)
14 September 2006 14:00
#4
Louis555, are you doing this in Safe Mode?
Louis555
(Stach Kk)
14 September 2006 14:23
#5
OK. I deleted the folder. SilentRunners is running; when it finishes I'll post the log.
Here is the log from HijackThis:
Edit:
Log from SilentRunners:
Louis555
(Stach Kk)
14 September 2006 16:32
#7
The Silent log is up now! I'm waiting for a specialist's assessment.
Bieniol
(Bbieniol)
14 September 2006 16:44
#8
Open Notepad and paste this into it:
File --> Save as --> change the file type to All files --> save it under the name FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer
Louis555
(Stach Kk)
14 September 2006 17:02
#9
I added the fix.reg file to the registry and deleted it from the desktop.
Many thanks for the help!