kaska2
(kaśka :))
5 June 2007 15:47
#1
Hi!
I have a problem. Today my system started falling apart. First I had trouble opening files in jpg and gif formats (all the file types used for images), and I still can't open a single one. So I restarted the computer hoping it was a minor error, but instead of improving, the computer's condition got worse! I have no idea what this is. In the meantime avast detected that some trojan wanted to connect, so I rejected it. Various windows started popping up saying that some application could not be started, and not just one. For now the system is barely breathing, so I'm quickly sending the logs and asking you to check them. I don't know whether the Silent Runners log will be correct, because while running the scan Windows notified me of an error in that very program. Even so, I'm sending both. Please help and reply quickly. Regards. Thanks in advance.
Here are the logs:
Logfile of HijackThis v1.99.1
Scan saved at 17:33:15, on 2007-06-05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\system32\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vmmreg32.exe
C:\Documents and Settings\u.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msorcl32.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sss\Pulpit\apteczka dla kompa\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\System32\msdn_lib.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM…\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM…\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM…\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM…\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM…\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM…\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM…\Run: [Outlook Express] C:\WINDOWS\vmmreg32.exe
O4 - HKLM…\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM…\Run: [RunOnce2Upd] “C:\WINDOWS\System32\KB_963493.exe”
O4 - HKCU…\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU…\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU…\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU…\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU…\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU…\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (file missing)
O20 - AppInit_DLLs: schtasks.dll c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O21 - SSODL: ZDcHEpHlvtPmI - {549458F6-FE3E-F25C-D086-E5CC73E02F4D} - C:\WINDOWS\System32\zjmula.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\xjwsgqo.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\xjwsgqo.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
And here is the log that was interrupted by the system:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“msctrl.exe” = “C:\Program Files\Microsoft Security Adviser\msctrl.exe” [null data]
“msavsc.exe” = “C:\Program Files\Microsoft Security Adviser\msavsc.exe” [null data]
“msscan.exe” = “C:\Program Files\Microsoft Security Adviser\msscan.exe” [null data]
“msiemon.exe” = “C:\Program Files\Microsoft Security Adviser\msiemon.exe” [null data]
“msfw.exe” = “C:\Program Files\Microsoft Security Adviser\msfw.exe” [null data]
“mssadv.exe” = “(empty string)” [file not found]
“Microsoft security adviser” = “C:\Program Files\Microsoft Security Adviser\mssadv.exe” [“home”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“SiSUSBRG” = “C:\WINDOWS\SiSUSBrg.exe” [“Silicon Integrated Systems Corp.”]
“SiS Windows KeyHook” = “C:\WINDOWS\System32\keyhook.exe” [“Silicon Integrated Systems Corporation”]
“QuickTime Task” = ““C:\WINDOWS\system32\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“msctrl.exe” = “C:\Program Files\Microsoft Security Adviser\msctrl.exe” [null data]
“msavsc.exe” = “C:\Program Files\Microsoft Security Adviser\msavsc.exe” [null data]
“msscan.exe” = “C:\Program Files\Microsoft Security Adviser\msscan.exe” [null data]
“msiemon.exe” = “C:\Program Files\Microsoft Security Adviser\msiemon.exe” [null data]
“msfw.exe” = “C:\Program Files\Microsoft Security Adviser\msfw.exe” [null data]
“mssadv.exe” = “*p” (unwritable string) [file not found]
“Microsoft security adviser” = “C:\Program Files\Microsoft Security Adviser\mssadv.exe” [“home”]
“Outlook Express” = “C:\WINDOWS\vmmreg32.exe” [MS]
“avp” = “C:\WINDOWS\avp.exe” [“MskSoftStudy Corp.”]
“RunOnce2Upd” = ““C:\WINDOWS\System32\KB_963493.exe”” [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
  \StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]
{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}(Default) = (no title provided)
  \StubPath = “C:\WINDOWS\System32\msorcl32.exe” [“Microsoft”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  - {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”
  - {HKLM…CLSID} = “My Global Search Bar BHO”
  \InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL” [“My Global Search”]
{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}(Default) = “*q” (unwritable string)
  - {HKLM…CLSID} = “msdn_lib.msdn_hlp”
  \InProcServer32(Default) = “C:\WINDOWS\System32\msdn_lib.dll” [“Microsoft”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
  - {HKLM…CLSID} = “Google Toolbar Helper”
  \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}(Default) = “IE Redirector”
  - {HKLM…CLSID} = “CPub Object”
  \InProcServer32(Default) = “C:\WINDOWS\System32\dnsersnd.dll” [null data]
{F6104497-54FD-4688-9162-5115CC8AB0FB}(Default) = “XBTP01621”
  - {HKLM…CLSID} = “XBTP01621 Class”
  \InProcServer32(Default) = “C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll” [“IE Toolbar”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  - {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
  - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
  - {HKLM…CLSID} = “AlcoholShellEx”
  \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
  - {HKLM…CLSID} = “RealOne Player Context Menu Class”
  \InProcServer32(Default) = “C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll” [“RealNetworks, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
“{2C1CD3D7-86AC-4068-93BC-A02304B25319}” = “DCOM Server 25319”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\System32\xjwsgqo.dll” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“ZDcHEpHlvtPmI” = “{549458F6-FE3E-F25C-D086-E5CC73E02F4D}”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\System32\zjmula.dll” [null data]
“Internet Explorer” = “{F28A40D7-AD0E-034A-C651-5F0ED76232E6}”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\System32\Cdgapk32.dll” [null data]
“DCOM Server 25319” = “{2C1CD3D7-86AC-4068-93BC-A02304B25319}”
  - {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\System32\xjwsgqo.dll” [null data]

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
“load” = (value not set)
“run” = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
“AppInit_DLLs” = “schtasks.dll c:\windows\system32\ldcore.dll” [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
partnershipreg\DLLName = “C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  - {HKLM…CLSID} = “PDF Shell Extension”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  - {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  - {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Gutek
(Gutek)
5 June 2007 15:57
#2
kaska2
(kaśka :))
5 June 2007 18:14
#3
Thanks for the help, but I didn't use it because I did a system restore. I wanted to use it, but I couldn't open any folder; the computer wasn't responding at all. It works now; if the same thing happens again, I'll write again and use your help. Thank you very much for the help.