RPC error and a restart every few moments

Hello. So, I'll start from the beginning - I'm a novice, and until now my 17-year-old brother was responsible for the computer. However, for some time something has been going wrong with my system, and he claims that the system is overheating. Besides, he installed about 3 antivirus programs for me (though I know myself that this is bad).

And now the specifics - very often a system shutdown starts on its own: "The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY/SYSTEM. Time before shutdown: 60 seconds." and that "the Remote Procedure Call (RPC) service terminated unexpectedly". Please advise me what to do so that my computer works flawlessly again. I made a HijackThis log of it:

Logfile of HijackThis v1.99.1

Scan saved at 20:02:02, on 2006-04-23

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\logonui.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\VIAudioi\SBADeck\ADeck.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\DAP\DAP.EXE

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [.nvsvc] D:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BySoft FreeRAM] D:\Program Files\BySoft FreeRAM\FreeRAM.exe

O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - c:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.i-lookup.com

O15 - Trusted Zone: *.offshoreclicks.com

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: *.xxxtoolbar.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{D76671C6-739B-4B9B-BE21-25D72997D698}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: wintqv32 - D:\WINDOWS\SYSTEM32\wintqv32.dll

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Windows Log - Unknown owner - D:\WINDOWS\system32\nvsvcd.exe

Post merged: 23.04.2006 (Sun) 20:46

Oh, and avast! keeps showing me some trojans every few moments

You have Sasser or Blaster. If the window saying that RPC has been terminated shows up again, go to Start, choose the Run command and type: shutdown -a , which is the command that aborts the system shutdown.

Use this tool CLICK

and remove the worm, but if this situation has been going on for a long time I would advise installing a fresh system, because there is no telling how many trojans have already been pushed onto your machine. In the future, use a firewall; have your brother install something.

Turn off System Restore:

Boot into Safe Mode:

Start --> Run --> services.msc --> disable the Windows Log service

Launch HijackThis --> do a system scan only and tick the entries:

And click "fix checked" at the bottom :slight_smile:

Run the KillBox tool, select Delete on reboot, and in the full path of file field paste the path:

D:\WINDOWS\SYSTEM32\wintqv32.dll

D:\WINDOWS\system\smss.exe

D:\WINDOWS\system32\nvsvcd.exe

Click X and restart the computer (restart only after removing the last file) :slight_smile:

After these steps, post a new HijackThis log + a Silent Runners log

Additionally, read:

:arrow: http://www.searchengines.pl/phpbb203/in … entry65395

-keep one and uninstall the rest.

I did, I hope, everything as I was supposed to. And those three, D:\WINDOWS\SYSTEM32\wintqv32.dll

D:\WINDOWS\system\smss.exe

D:\WINDOWS\system32\nvsvcd.exe, were moved to the folder D:!KillBox and now I don't know what to do with them. Also, I have no idea how to get Silent Runners to launch - it opens in edHTML. And here is the new HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 00:43:58, on 2006-04-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\logonui.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\VIAudioi\SBADeck\ADeck.exe

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\DAP\DAP.EXE

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BySoft FreeRAM] D:\Program Files\BySoft FreeRAM\FreeRAM.exe

O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - c:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{D76671C6-739B-4B9B-BE21-25D72997D698}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: wintqv32 - wintqv32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Note: When you paste a log, wrap it in the CODE or QUOTE tag

Regards, Gutek2222

remove with HijackThis
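An added example (not part of the thread, and not code from HijackThis or from any poster): a small Python check for the two things the scans above turn on, a core system file name (smss.exe) started from outside system32, and an autostart entry left behind once its file has been deleted. The log lines are copied from the two scans on this page; the function names and the list of core process names are assumptions of the example.

```python
import ntpath
import re

# Assumption of this example: core Windows processes that belong only in
# <SystemRoot>\system32. A same-named file anywhere else is masquerading.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - ...", "R1 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"|<>*?]+?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the first and the second HijackThis scan on this page.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [.nvsvc] D:\WINDOWS\system\smss.exe /w
O20 - Winlogon Notify: wintqv32 - D:\WINDOWS\SYSTEM32\wintqv32.dll
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Log - Unknown owner - D:\WINDOWS\system32\nvsvcd.exe
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: wintqv32 - wintqv32.dll (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Return (code, text) for each 'O4 - ...' style line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def masquerading(entries):
    """Entries that reference a core system file name outside system32."""
    hits = []
    for code, text in entries:
        for path in PATH_RE.findall(text):
            folder, name = ntpath.split(path)
            outside = not folder.lower().endswith(r"\system32")
            if name.lower() in SYSTEM32_ONLY and outside:
                hits.append((code, path))
    return hits


def compare_scans(before, after):
    """Return (gone, new_orphans).

    gone        - entries of the first scan that no longer appear verbatim
    new_orphans - entries that only in the second scan point at a missing
                  file, i.e. registry leftovers that still need fixing
    """
    before_set, after_set = set(before), set(after)
    gone = [e for e in before if e not in after_set]
    new_orphans = [e for e in after
                   if e[1].endswith("(file missing)") and e not in before_set]
    return gone, new_orphans


if __name__ == "__main__":
    first, second = parse_entries(SCAN_BEFORE), parse_entries(SCAN_AFTER)
    for code, path in masquerading(first):
        print("system file name outside system32:", code, path)
    gone, orphans = compare_scans(first, second)
    for code, text in gone:
        print("no longer present:", code, text)
    for code, text in orphans:
        print("leftover entry to fix:", code, text)
```

The avast! service lines carry "(file missing)" in both scans, so the comparison does not report them as leftovers of the cleanup.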

Please advise how I can get Silent Runners to launch, because it opens in edHTML and I have no idea how to make it run.

Post merged: 24.04.2006 (Mon) 14:19

Oh - one more thing I remembered: those three - wintqv32.dll, smss.exe, nvsvcd.exe (which I removed yesterday with KillBox) were moved to the folder D:!KillBox and now I don't know what to do with them.

Post merged: 24.04.2006 (Mon) 22:42

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “D:\WINDOWS\System32\ctfmon.exe” [MS]

“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”]

“BySoft FreeRAM” = “D:\Program Files\BySoft FreeRAM\FreeRAM.exe” [file not found]

“EdHTML” = “C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none” [“Binboy Software”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“avast!” = “D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]

“AudioDeck” = “D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1” [“VIA Technologies, Inc.”]

“WooCnxMon” = “D:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string]

“SpeedTouch USB Diagnostics” = ““D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]

“WOOWATCH” = “D:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]

“SunJavaUpdateSched” = “D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe” [null data]

“RemoteControl” = ““D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]

“NvMediaCenter” = “RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]

“NeroFilterCheck” = “D:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“DownloadAccelerator” = ““C:\Program Files\DAP\DAP.EXE” /STARTUP” [“Speedbit Ltd.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

“Regsister WScript” = “wscript -regserver” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\800 {++}

“000” = “D:\WINDOWS\System32\jscript.dll|DllRegisterServer” [file not found]

“001” = “D:\WINDOWS\System32\vbscript.dll|DllRegisterServer” [file not found]

“002” = “D:\WINDOWS\System32\scrrun.dll|DllRegisterServer” [file not found]

“003” = “D:\WINDOWS\System32\scrobj.dll|DllRegisterServer” [file not found]

“004” = “D:\WINDOWS\System32\wshext.dll|DllRegisterServer” [file not found]

“005” = “D:\WINDOWS\System32\wshcon.dll|DllRegisterServer” [file not found]

“006” = “D:\WINDOWS\System32\wshom.ocx|DllRegisterServer” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”

-> {HKLM…CLSID} = “AlcoholShellEx”

\InProcServer32(Default) = “D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]

“{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL”

-> {HKLM…CLSID} = “SmartFTP Shell Extension DLL”

\InProcServer32(Default) = “D:\Program Files\SmartFTP Client 2.0\smarthook.dll” [“SmartFTP”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

DAP_Menu(Default) = “{BED4C38B-F765-45AC-8C56-613F76BBF43E}”

-> {HKLM…CLSID} = “DAPMenuShellExt Class”

\InProcServer32(Default) = “C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll” [“Speedbit Ltd.”]

PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”

-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”

\InProcServer32(Default) = “D:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

PowerArchiver(Default) = “{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}”

-> {HKLM…CLSID} = “PowerArchiver Shell Extensions”

\InProcServer32(Default) = “D:\Program Files\PowerArchiver\PASHLEXT.DLL” [“ConeXware, Inc.”]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “D:\Documents and Settings\Anath84\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Anath84” & “All Users” startup folders:


D:\Documents and Settings\Anath84\Menu Start\Programy\Autostart

“Adobe Gamma” -> shortcut to: “D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

Enabled Scheduled Tasks:


“{AFB5CD5A-A7B3-4241-A10D-58127D99F5F0}_DOM-TVN3JS3USHZ_Anath84” -> launches: “D:\WINDOWS\system32\mobsync.exe /Schedule=”{AFB5CD5A-A7B3-4241-A10D-58127D99F5F0}_DOM-TVN3JS3USHZ_Anath84"" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Explorer Bars

Dormant Explorer Bars in “View, Explorer Bar” menu

HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “D:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “D:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “D:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”

Miscellaneous IE Hijack Points


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):

“{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)

-> {HKLM…CLSID} = “Search Class”

\InProcServer32(Default) = “D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):


avast! Antivirus, avast! Antivirus, ““D:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]

avast! iAVS4 Control Service, aswUpdSv, ““D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]

avast! Mail Scanner, avast! Mail Scanner, ““D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““D:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

Machine Debug Manager, MDM, ““D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]

NVIDIA Display Driver Service, NVSvc, “D:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 150 seconds.

  • The search for all Registry CLSIDs containing dormant Explorer Bars

took 19 seconds.

---------- (total run time: 335 seconds)

Post merged: 24.04.2006 (Mon) 22:47

Please check this Silent Runners log for me, and sorry for bothering you so much, but I'm getting the hang of this whole computer thing better and better :slight_smile:

Post merged: 24.04.2006 (Mon) 23:25

And finally, just in case, I'm posting the temperatures of my little one:

--------[Czujnik]-----------------------------------------------------------------------------------------------------

Właściwości czujnika:

Typ czujnika ITE IT8705F, National LM90 (ISA 290h, SMBus 4Ch)

Nazwa płyty głównej Soltek 75DRV5

Temperatury:

Płyta główna 51 °C (124 °F)

Procesor 58 °C (136 °F)

Aux 42 °C (108 °F)

Maxtor 6Y060L0 42 °C (108 °F)

Wentylatory:

Procesor 2961 RPM

Wartości napięć:

Napięcie rdzenia procesora 1.62 V

+2.5 V 2.48 V

+3.3 V 3.31 V

+5 V 4.95 V

+12 V 12.22 V

-12 V -12.03 V

-5 V -5.58 V

+5 V podczas wstrzymania pracy 4.97 V

VBAT baterii CMOS 3.06 V

Debug Info F 39 FF FF

Debug Info T 51 201 201

Debug Info V 65 9B CF B8 BF 40 43 (F7)