Witam
Komputer co jakis czas przy wlaczaniu wyswietla komunikat o bledzie explore.exe. Po czym wszystk z pulpitu znika i musze resetowac komputer.Podobny problem mam z IE podczas przegladania internetu pojawia sie blad o iexplore.exe i przegladarka sie wylacza.Pomocy nieiwem co robic ;/ NA wszelki wypadek zalacze logi.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:29, on 2009-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wpabaln.exe
C:\DOCUME~1\Piotrek\USTAWI~1\Temp\oustca.exe
C:\DOCUME~1\Piotrek\USTAWI~1\Temp\ugysyy.exe
C:\DOCUME~1\Piotrek\USTAWI~1\Temp\winodfc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
–
End of file - 2545 bytes
“Silent Runners.vbs”, revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”]
“PWRISOVM.EXE” = “D:\Program Files\PowerISO\PWRISOVM.EXE” [“PowerISO Computing, Inc.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
“UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” = “PowerISO”
-> {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “D:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
-> {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “D:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
-> {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “D:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
-> {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “D:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
Group Policies {policy setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableTaskMgr” = (REG_DWORD) dword:0x00000001
{Remove Task Manager}
“DisableRegistryTools” = (REG_DWORD) dword:0x00000001
{Prevent access to registry editing tools}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
“EnableLUA” = (REG_DWORD) dword:0x00000000
{User Account Control: Run All Administrators In Admin Approval Mode}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
%SystemRoot%\system32\mswsock.dll [MS], 1 - 3
%SystemRoot%\system32\rsvpsp.dll [MS], 4 - 5
Toolbars, Explorer Bars, Extensions:
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
<> The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.
---------- (launch time: 2009-07-06 10:41:14)
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 77 seconds, including 1 second for message boxes)
Z góry dieki za pomoc 