system
(system)
2 July 2007 09:19
#1
I have a problem with my system - sometimes it hangs while booting (on the screen where three small rectangles slide across the bar under the Microsoft logo), sometimes it starts but runs very slowly (loading takes around 5 minutes), and sometimes it starts normally. I don't know what to do about it - please help - I'm pasting the logs
Logfile of HijackThis v1.99.1
Scan saved at 11:11:11, on 2007-07-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Autoconnect\AutoConnect.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Girder3\Girder.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
D:\Drobne\TESTY\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ultraedit.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\Autoconnect\AutoConnect.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder3\Girder.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6855EB5F-BA19-4DEB-AA69-CE6EF0D91AD4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"AutoConnect" = "C:\Program Files\Autoconnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "FGCatchUrl"
                   \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{85589B5D-D53D-4237-A677-46B82EA275F3}\(Default) = "BHOAd"
  -> {HKLM...CLSID} = "XML Helper"
                   \InProcServer32\(Default) = "C:\WINDOWS\xhelper.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashGet GetFlash Class"
                   \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
  -> {HKLM...CLSID} = "My Phones"
                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Janik" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Janik\Menu Start\Programy\Autostart
"Girder3" -> shortcut to: "C:\Program Files\Girder3\Girder.exe" ["Bessems-IT"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]

Enabled Scheduled Tasks:
------------------------

"At1" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At10" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At11" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At12" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At13" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At14" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At15" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At16" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At17" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At18" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At19" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At2" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At20" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At21" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At22" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At23" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At24" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At3" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At4" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At5" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At6" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At7" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At8" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At9" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 79 seconds.
---------- (total run time: 134 seconds)
slake
(Slake1)
2 July 2007 09:35
#2
Delete the file marked in red manually in Safe Mode with System Restore turned off, and fix the entries.
Open Notepad and paste:
File -> Save As -> set the file type to All Files -> save the file as FIX.REG and run it in Safe Mode.
Post a ComboFix log.
adam9870
(adam9870)
2 July 2007 10:40
#3
lord_daron, follow the instructions given below, not slake's instructions.
Download KillBox, tick Delete on reboot, and in the "full path of file" field paste the following paths one at a time:
C:\WINDOWS\system32\4Y54btyX.exe
C:\WINDOWS\xhelper.dll
After pasting each path click the red X, but only agree to the restart after pasting the last one.
Remove the entry shown above using HijackThis.
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Start >>> Programs >>> Accessories >>> System Tools >>> Scheduled Tasks >>> delete all the At entries.
Once that is done, post a ComboFix log. To produce one, run it => press the Y key => wait patiently and the log should appear as a .txt file named combofix on the C: partition.
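The two pieces of reasoning in this thread, reading the log in post #1 for the entries that do not belong (a BHO whose DLL sits directly in C:\WINDOWS with no version info, and 24 At* jobs all launching one random-named file in system32), and turning those findings into the removal steps of post #3, can be scripted. The block below is an added example, not code from the thread or from HijackThis, Silent Runners, KillBox or ComboFix. The sample lines are copied from the logs above (a WinRAR entry is kept as an unsigned-but-benign control); the heuristics (Windows-root location, "[null data]", random-looking At* targets) and the function names are this example's own assumptions; `cleanup_plan` only prints the XP `at`, `reg delete` and `del` equivalents of the KillBox/HijackThis/Scheduled Tasks steps, it executes nothing, and the `del` lines are meant for Safe Mode as the thread advises.

```python
"""Triage a HijackThis / Silent Runners log and emit an XP cleanup plan.

Heuristics (assumptions of this example, not rules from the forum):
  * a BHO or COM in-process server loaded straight from the Windows
    folder root instead of a Program Files subfolder;
  * a COM server or task target with no version resource ("[null data]");
  * a block of At* jobs launching one file whose name looks random.
"""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the logs posted above, plus
# one benign WinRAR entry (unsigned, but in Program Files) as a control.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

SR_SAMPLE = r"""
"At1" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
"At2" -> launches: "C:\WINDOWS\system32\4Y54btyX.exe" [null data]
{85589B5D-D53D-4237-A677-46B82EA275F3}\(Default) = "BHOAd" -> {HKLM...CLSID} = "XML Helper" \InProcServer32\(Default) = "C:\WINDOWS\xhelper.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
TASK_RE = re.compile(r'^"(?P<task>[^"]+)" -> launches: "(?P<path>[^"]+)" \[(?P<vendor>[^\]]*)\]$')
INPROC_RE = re.compile(r'InProcServer32\\?\(Default\) = "(?P<path>[^"]+)" \[(?P<vendor>[^\]]*)\]')
WINDOWS_ROOTS = ("c:\\windows\\", "c:\\winnt\\")
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def in_windows_root(path):
    """True when the file sits directly in the Windows folder, not a subfolder."""
    p = path.lower()
    return any(p.startswith(r) and "\\" not in p[len(r):] for r in WINDOWS_ROOTS)


def looks_random(stem):
    """Digits plus mixed case in a 6+ character name (the 4Y54btyX pattern).
    Only meaningful with a second signal: a real file like Ati2evxx.exe
    would match on its own."""
    return (len(stem) >= 6
            and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))


def triage(hjt_text, sr_text):
    """Return {path: [reasons]} for entries worth removing."""
    findings = defaultdict(set)
    for line in hjt_text.splitlines():
        m = BHO_RE.match(line)
        if m and in_windows_root(m["path"]):
            findings[m["path"]].add("BHO %s loaded from the Windows folder root" % m["clsid"])
    jobs = defaultdict(list)  # target path -> [(task name, vendor string)]
    for line in sr_text.splitlines():
        m = TASK_RE.match(line)
        if m:
            jobs[m["path"]].append((m["task"], m["vendor"]))
            continue
        m = INPROC_RE.search(line)
        if m and m["vendor"] == "null data" and in_windows_root(m["path"]):
            findings[m["path"]].add("COM server with no version info in the Windows folder root")
    for path, entries in jobs.items():
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        at_jobs = [t for t, _ in entries if t.startswith("At")]
        unsigned = all(v == "null data" for _, v in entries)
        if at_jobs and (looks_random(stem) or unsigned):
            findings[path].add("%d At* jobs launch %s (%s)" % (
                len(at_jobs), stem, "no version info" if unsigned else "random-looking name"))
    return {p: sorted(r) for p, r in findings.items()}


def cleanup_plan(findings):
    """XP commands a helper would hand out (dry run: nothing is executed here).
    'at /delete /yes' removes every AT job, i.e. At1..At24 in one go; the
    del lines are for Safe Mode, as the thread advises."""
    cmds = []
    if any("At* jobs" in r for rs in findings.values() for r in rs):
        cmds.append("at /delete /yes")
    for path, reasons in findings.items():
        for clsid in sorted({c for r in reasons for c in re.findall(CLSID, r)}):
            cmds.append('reg delete "%s\\%s" /f' % (BHO_KEY, clsid))
            cmds.append('reg delete "HKCR\\CLSID\\%s" /f' % clsid)
        cmds.append('del /f /a "%s"' % path)
    return cmds


if __name__ == "__main__":
    found = triage(HJT_SAMPLE, SR_SAMPLE)
    for path, reasons in found.items():
        print(path, "<-", "; ".join(reasons))
    print("\n".join(cleanup_plan(found)))
```

Run stand-alone it flags only xhelper.dll and 4Y54btyX.exe; the Acrobat BHO, the AVG Run entry, the unsigned-owner ATI service and the unsigned WinRAR extension are left alone, which is the judgement the thread's helpers made by hand.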
Agaton
(Agatonster)
2 July 2007 11:31
#4
slake
In the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
there are subkeys, not values, so FIX.REG should look the way Adam 9870 showed:
You have already been warned in this thread about careless, at times harmful, checking of logs. Despite that, you keep going. You skip the junk that needs removing while recommending the removal of installed programs, as e.g.
in the thread
http://forum.dobreprogramy.pl/viewtopic.php?t=167851
From now on you are banned from posting in this section; if you ignore that, it will become a ban from posting on the Forum.
system
(system)
2 July 2007 11:40
#5
I did everything adam9870 wrote
and here is the ComboFix log
ComboFix 07-06-18.2 - C:\Documents and Settings\Janik\Pulpit\ComboFix.exe
"Janik" - 2007-07-02 13:37:39 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

2007-07-02 13:37  49,152  --a------  C:\WINDOWS\nircmd.exe
2007-07-02 13:14
2007-06-26 15:37  68,888  --a------  C:\WINDOWS\system32\xinput1_3.dll
2007-06-26 15:37  3,426,072  --a------  C:\WINDOWS\system32\d3dx9_32.dll
2007-06-26 15:37  251,672  --a------  C:\WINDOWS\system32\xactengine2_5.dll
2007-06-26 15:37  237,848  --a------  C:\WINDOWS\system32\xactengine2_4.dll
2007-06-26 15:37  236,824  --a------  C:\WINDOWS\system32\xactengine2_3.dll
2007-06-26 15:37  2,414,360  --a------  C:\WINDOWS\system32\d3dx9_31.dll
2007-06-26 15:37  15,128  --a------  C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-26 15:36  62,744  --a------  C:\WINDOWS\system32\xinput1_2.dll
2007-06-26 15:36  2,297,552  --a------  C:\WINDOWS\system32\d3dx9_26.dll
2007-06-26 15:28
2007-06-24 14:19
2007-06-20 22:03
2007-06-13 21:23
2007-06-09 22:21
2007-06-07 23:00
2007-06-07 14:03
2007-06-07 13:23
2007-06-06 23:44
2007-06-05 19:38
2007-06-04 20:18  22,016  --a------  C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-06-04 20:13  87,424  --a------  C:\WINDOWS\system32\drivers\irda.sys
2007-06-04 20:13  8,192  --a------  C:\WINDOWS\system32\wshirda.dll
2007-06-04 20:13  27,648  --a------  C:\WINDOWS\system32\irmon.dll
2007-06-04 20:13  19,584  --a------  C:\WINDOWS\system32\drivers\rasirda.sys
2007-06-04 20:13  153,088  --a------  C:\WINDOWS\system32\irftp.exe
2007-06-04 20:12  26,624  --a------  C:\WINDOWS\system32\drivers\irstusb.sys
2007-06-04 20:10
2007-06-04 20:10

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 11:33:42  --------  d-----w  C:\Program Files\Autoconnect
2007-06-30 17:42:24  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Skype
2007-06-28 18:34:41  108,144  ----a-w  C:\WINDOWS\system32\CmdLineExt.dll
2007-06-26 13:28:35  --------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-06-10 15:53:21  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Hamachi
2007-06-10 11:44:21  --------  d-----w  C:\Program Files\FileZilla
2007-06-01 15:48:00  --------  d--h--r  C:\DOCUME~1\Janik\DANEAP~1\SecuROM
2007-06-01 15:29:38  --------  d-----w  C:\Program Files\Common Files\InstallShield
2007-05-31 21:05:52  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Media Player Classic
2007-05-31 19:39:34  --------  d-----w  C:\Program Files\SubRip
2007-05-30 17:41:20  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\AdobeUM
2007-05-30 13:44:21  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Sports Interactive
2007-05-30 13:42:05  --------  d-----w  C:\Program Files\Hamachi
2007-05-30 13:41:48  10,578  ----a-w  C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-29 16:39:28  --------  d-----w  C:\Program Files\Delphi7SE
2007-05-29 16:23:20  --------  d-----w  C:\Program Files\BitComet
2007-05-28 08:22:39  --------  d-----w  C:\Program Files\mp3DirectCut
2007-05-26 16:29:41  --------  d-----w  C:\Program Files\Winamp
2007-05-26 14:48:47  --------  d-----w  C:\Program Files\Common Files\ODBC
2007-05-26 14:48:45  --------  d-----w  C:\Program Files\Common Files\SpeechEngines
2007-05-26 14:34:43  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\MusicIP
2007-05-26 14:14:59  3,353  ----a-w  C:\WINDOWS\mozver.dat
2007-05-26 14:01:07  0  ----a-w  C:\WINDOWS\nsreg.dat
2007-05-26 14:00:15  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Gadu-Gadu
2007-05-26 13:59:54  --------  d-----w  C:\Program Files\Gadu-Gadu
2007-05-26 13:59:20  --------  d-----w  C:\Program Files\Skype
2007-05-26 13:59:20  --------  d-----w  C:\Program Files\Common Files\Skype
2007-05-26 13:59:19  --------  d-----w  C:\Program Files\BearShare
2007-05-26 13:53:26  --------  d-----w  C:\Program Files\SAGEM
2007-05-26 13:50:00  --------  d-----w  C:\Program Files\Microsoft.NET
2007-05-26 13:44:50  --------  d-----w  C:\Program Files\DAEMON Tools
2007-05-26 13:43:28  646,392  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-05-26 13:42:35  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Ahead
2007-05-26 13:41:59  --------  d-----w  C:\Program Files\Nero
2007-05-26 13:41:59  --------  d-----w  C:\Program Files\Common Files\Ahead
2007-05-26 13:40:30  --------  d-----w  C:\Program Files\TC PowerPack
2007-05-26 13:39:31  --------  d-----w  C:\Program Files\CDex
2007-05-26 13:38:24  --------  d-----w  C:\Program Files\MarBit
2007-05-26 13:38:09  --------  d-----w  C:\Program Files\Real Alternative
2007-05-26 13:38:07  --------  d-----w  C:\Program Files\Media Player Classic
2007-05-26 13:38:06  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Real
2007-05-26 13:37:56  --------  d-----w  C:\Program Files\QuickTime Alternative
2007-05-26 13:37:44  --------  d-----w  C:\Program Files\AC3Filter
2007-05-26 13:37:30  --------  d-----w  C:\Program Files\DivX
2007-05-26 13:35:42  --------  d-----w  C:\Program Files\Girder3
2007-05-26 13:34:47  796,672  ----a-w  C:\WINDOWS\GPInstall.exe
2007-05-26 13:34:41  499,712  ----a-w  C:\WINDOWS\system32\msvcp71.dll
2007-05-26 13:34:41  348,160  ----a-w  C:\WINDOWS\system32\msvcr71.dll
2007-05-26 13:32:30  82,380  ----a-w  C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-05-26 13:29:03  --------  d-----w  C:\Program Files\Hewlett-Packard
2007-05-26 13:25:03  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Hewlett-Packard
2007-05-26 13:23:25  --------  d-----w  C:\DOCUME~1\Janik\DANEAP~1\Folder przesyłania Share-to-Web
2007-05-26 13:23:20  --------  d-----w  C:\Program Files\Common Files\Hewlett-Packard
2007-05-26 13:20:12  --------  d-----w  C:\Program Files\HP
2007-05-26 13:17:07  49,492  ----a-w  C:\WINDOWS\system32\perfc015.dat
2007-05-26 13:17:07  355,486  ----a-w  C:\WINDOWS\system32\perfh015.dat
2007-05-26 13:16:45  --------  d-----w  C:\Program Files\Common Files\Logitech
2007-05-26 13:16:43  --------  d-----w  C:\Program Files\Logitech
2007-05-26 13:06:06  --------  d-----w  C:\Program Files\Realtek Sound Manager
2007-05-26 13:06:06  --------  d-----w  C:\Program Files\AvRack
2007-05-26 13:05:30  --------  d-----w  C:\Program Files\AMD
2007-05-26 12:59:03  --------  d-----w  C:\Program Files\microsoft frontpage
2007-05-26 12:58:48  0  --sha-r  C:\MSDOS.SYS
2007-05-26 12:58:48  0  --sha-r  C:\IO.SYS
2007-05-26 12:57:38  --------  d--h--w  C:\Program Files\WindowsUpdate
2007-05-26 12:57:36  --------  d-----w  C:\Program Files\Usługi online
2007-05-26 12:56:52  --------  d-----w  C:\Program Files\Common Files\MSSoap
2007-05-26 12:56:44  --------  d-----w  C:\Program Files\Movie Maker
2007-05-26 12:55:56  21,856  ----a-w  C:\WINDOWS\system32\emptyregdb.dat
2007-05-26 12:55:38  --------  d-----w  C:\Program Files\Messenger
2007-05-26 12:55:33  --------  d-----w  C:\Program Files\MSN Gaming Zone
2007-05-26 12:55:24  --------  d-----w  C:\Program Files\Windows NT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 13:55]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-16 11:03]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-26 15:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"AutoConnect"="C:\Program Files\Autoconnect\AutoConnect.exe" [2005-09-05 00:44]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 13:38:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 13:38:52
--- E O F ---
After restarting the computer I get errors
When I close them (regardless of what I click in the second one), clicking Don't Send in the first one disconnects my internet (I have Neo) and I can only reconnect after restarting the computer. WHAT SHOULD I DO??
adam9870
(adam9870)
2 July 2007 12:10
#6
The log is clean.
As for the errors appearing during system startup - see - Generic Host Process for Win32 Services error
system
(system)
2 July 2007 12:19
#7
And what can be causing this error??
adam9870
(adam9870)
2 July 2007 12:22
#8
The error in question is caused by the installed operating system not being properly secured. The worm that causes this error gets into the system through vulnerabilities in the system. The only possible way to avoid this kind of situation is to keep the system up to date and to secure it by installing appropriate security software such as a firewall or an antivirus.
system
(system)
2 July 2007 12:29
#9
So even if I install the patch from the link you gave me, I still won't remove this worm, only get rid of the problem with the pop-up message??
adam9870
(adam9870)
2 July 2007 12:34
#10
By downloading and installing the patch/patches you will remove the worm and protect the system against being infected by it in the future.
system
(system)
2 July 2007 12:55
#11
OK, everything works now - thanks for the help