Critical System Errors balloon and System performance monitor


(Reneb7) #1

Hello,

I have a problem with a critical system errors balloon :frowning: . In addition, some new shortcuts have appeared on the IE toolbar, and every now and then another balloon shows up: "system performance monitor: warning". I tried to deal with them using SmitFraudFix, but I don't know why I can't run it. I'm posting the logs I created and asking for help detecting these nasties so that I know what to remove :)

I'll add that among my programs I had some things installed: ivideocodec and IE pluggin 2006 (something like that, I think); these names appear in the logs even though I have already removed them from the programs.

Thank you for any help! :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 22:05:01, on 2006-11-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iVideoCodec\isamonitor.exe

C:\Program Files\iVideoCodec\pmsngr.exe

C:\Program Files\iVideoCodec\pmmon.exe

C:\Program Files\iVideoCodec\isamini.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\essspk.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe

C:\WINDOWS\system32\HotfixQ0306270.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

E:\ !!

C:\Documents and Settings\All Users\Dokumenty\Neostrada TP\NeostradaTP.exe

C:\Documents and Settings\All Users\Dokumenty\Neostrada TP\ComComp.exe

C:\Documents and Settings\All Users\Dokumenty\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Renata\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe

O4 - HKLM..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "E:\ !!

O8 - Extra context menu item: Eksport do programu Microsoft Excel - c:\program files\microsoft office\office\excel.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O17 - HKLM\System\CCS\Services\Tcpip..{DB7FFCAB-AC1B-458B-8109-E4C43FE83422}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""E:\ !!

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"isamonitor.exe" = "C:\Program Files\iVideoCodec\isamonitor.exe" [null data]

"pmsngr.exe" = "C:\Program Files\iVideoCodec\pmsngr.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"InCD" = "C:\Program Files\ahead\InCD\InCD.exe" ["Copyright © ahead software gmbh and its licensors"]

"EssSpkPhone" = "essspk.exe" [null data]

"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]

"ElbyCheckElbyCDFL" = ""C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL" ["Elaborate Bytes"]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"ADATA_PLUtil" = "C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe" ["Prolific Technology Inc."]

"PLFFAP" = "C:\WINDOWS\system32\HotfixQ0306270.exe" ["Prolific Technology Inc."]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]

"ShStatEXE" = ""C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]

"McAfeeUpdaterUI" = ""C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["Network Associates, Inc."]

"Network Associates Error Reporting Service" = ""C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"" ["Network Associates, Inc."]

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" [file not found]

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [file not found]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" [file not found]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

  • {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{259F616C-A300-44F5-B04A-ED001A26C85C}(Default) = (no title provided)

  • {HKLM...CLSID} = "Solid Converter PDF"

\InProcServer32(Default) = "C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}(Default) = (no title provided)

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\iVideoCodec\isaddon.dll" [null data]

{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = "NAV Helper"

  • {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  • {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  • {HKLM...CLSID} = "Eksplorator pulpitów"

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  • {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  • {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  • {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{259F616C-A300-44F5-B04A-ED001A26C85C}" = "SolidConverter extension"

  • {HKLM...CLSID} = "Solid Converter PDF"

\InProcServer32(Default) = "C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}" = "bonspells"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\okkmtv.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"bonspells" = "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\okkmtv.dll" [null data]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

SolidConverterPDF(Default) = "{259F616C-A300-44F5-B04A-ED001A26C85C}"

  • {HKLM...CLSID} = "Solid Converter PDF"

\InProcServer32(Default) = "C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  • {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

VirusScan(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  • {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

VirusScan(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  • {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

SolidConverterPDF(Default) = "{259F616C-A300-44F5-B04A-ED001A26C85C}"

  • {HKLM...CLSID} = "Solid Converter PDF"

\InProcServer32(Default) = "C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  • {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

VirusScan(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

  • {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  • {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Renata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  • {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  • {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  • {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [file not found]

"{259F616C-A300-44F5-B04A-ED001A26C85C}" = (no title provided)

  • {HKLM...CLSID} = "Solid Converter PDF"

\InProcServer32(Default) = "C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [file not found]

HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [file not found]

HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

Miscellaneous IE Hijack Points


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  • {HKLM...CLSID} = "Search Class"

\InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):


Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Network Associates McShield, McShield, ""C:\Program Files\Network Associates\VirusScan\Mcshield.exe"" ["Network Associates, Inc."]

Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"" ["Network Associates, Inc."]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]

Serwis struktury programu McAfee, McAfeeFramework, "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart" ["Network Associates, Inc."]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

PDF-XChange\Driver = "pxc25pm.dll" ["Tracker Software"]


: Suspicious data at a malware launch point.

: Suspicious data at a browser hijack point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 73 seconds.

---------- (total run time: 187 seconds)


(Myszonus) #2

reneb7, use SmitFraudFix - here is the description. - option 2.

Then post a log from Silent Runners - here is the description.

:slight_smile:

czary2mary, give it a rest ... what is the point of that? :roll:


(Reneb7) #3

I can't run SmitFraudFix :frowning: when I try to follow the instructions given, this message pops up on a red background:

SmitFraudFix v2.119

Fichier Process.exe absent !

Dezippez la totalité de l'archive dans un dossier.

Process.exe file missing !

Unzip all the archive in a folder.

Aby kontynuować, naciśnij dowolny klawisz . . .

When I press any key, nothing happens any more. I tried installing the program several times, but it's the same every time...

Help me, please..


(Gutek) #4

TRASH

Note: When you paste a log, wrap it in a CODE or QUOTE tag - FIX IT


(Reneb7) #5

I don't understand, what's with this trash? :frowning: I admit I'm no computer expert, though I try :slight_smile:

Is there any solution? I'm afraid I already have a whole load of viruses, and my friend suggests formatting, but I would rather avoid that...

Post merged: 09.11.2006 (Thu) 21:45

So I paste, select, and then the tag? I admit I'm a complete novice :oops:


(Gutek) #6

Quoting:


(Reneb7) #7

Unfortunately, when downloading I don't get any messages about errors or deletion; it looks as if it is downloading the program, but when I open the package it no longer looks the way it does on the forums, and then it's the red background and the rest again... I tried other sources - the same thing. It looks as if something is deleting that file during the download, only I don't get any messages that the program was downloaded incorrectly..


(Gutek) #8

Try running it in safe mode


(Reneb7) #9

I tried, same thing :frowning:

And now on top of that I have a new balloon with a security alert about some PSW.x-Vir trojan...

Gosh, my head already hurts, I've been fighting this for a second day and I still can't get anything done..

Should I maybe make the logs once more, just with code??


(Gutek) #10

Remove the HJT entries, and the file and folder manually in safe mode

Open Notepad and paste this into it:

File >>> Save as >>> Set the extension from TXT to All files >>> save it under the name FIX.REG >>> double-click the created file and confirm >>> restart the computer

After all that, new logs from Silent and HJT


(Reneb7) #11

I did everything according to the instructions and the balloons are gone! !!

I'd only ask you to check the logs from Silent and HJT. Should I still install SmitFraudFix to check whether I can use it now?


(Gutek) #12

File >>> Save as >>> Set the extension from TXT to All files >>> save it under the name FIX.REG >>> double-click the created file and confirm >>> restart the computer

And then it will be OK

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177 or jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509


(Reneb7) #13

Thanks very, very much for everything! !!

Once again, many thanks :smiley: You are 8)