Internet i komputer od kilku dni coraz wolniejsze:(

Honkisz · 22 Maj 2008 09:59

Witam. Od paru dni internet i ogólnie komputer coraz wolniej chodza:(strony ładują sie długo (1.3MB) programy włączają sie po kilku sedundach:9prosze o sprawdzenie logów.dziękuje i pozdrawiam

HiJack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:51, on 2008-05-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Neostrada TP.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {961480A1-6231-445F-AF8F-5F52B081391A} (Image Uploader) - http://www.zdjecia.foto-hit.com/e-photoshop/fotohit_com/uploader/PoewarePhotoSender.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00F6794B-97F8-4B08-96B5-65922C37322E}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{00F6794B-97F8-4B08-96B5-65922C37322E}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--

End of file - 6009 bytes

Silent Runners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"DAEMON Tools Pro Agent" = ""C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" ["Nero AG"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CnxDslTaskBar" = ""C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NeroFilterCheck" = "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" ["Nero AG"]

"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]

"(Default)" = "(empty string)" [file not found]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"

  -> {HKLM...CLSID} = "Sony Ericsson File Manager"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> winhab32\DLLName = "winhab32.dll" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Nowak\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]


MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]


MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]


MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]


MSPlayCDAudioOnArrival\

"Provider" = "ALLPlayer"

"InvokeProgID" = "AllPlayerFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]


NeroAutoPlay8AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]


NeroAutoPlay8CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]


NeroAutoPlay8CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]


NeroAutoPlay8DataDisc_CD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]


NeroAutoPlay8DataDisc_DVD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L" ["Nero AG"]


NeroAutoPlay8LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]


NeroAutoPlay8PlayAudioCD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay8PlayDVD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay8RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]


NeroAutoPlay8TranscodeVideo\

"Provider" = "Nero Recode"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]


NeroAutoPlay8VideoCapture\

"Provider" = "Nero Vision"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


NeroAutoPlay8ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]


NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"]


NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"]


PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]


PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

  -> {HKLM...CLSID} = (no title provided)

                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]



Startup items in "Nowak" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\Nowak\Menu Start\Programy\Autostart

"Neostrada TP" -> shortcut to: "" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]

Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]

NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]

ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



---------- (launch time: 2008-05-22 11:54:01)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 37 seconds.

---------- (total run time: 66 seconds)

huber2t · 22 Maj 2008 10:01

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\SYSTEM32\winhab32.dll

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Honkisz · 22 Maj 2008 10:16

ComboFix 08-05-21.2 - Nowak 2008-05-22 12:10:43.1 - NTFSx86

huber2t · 22 Maj 2008 10:24

Log wyglada na czysty

Usuń ręcznie folder C:\Qoobox,usuń instalkę Combofix z dysku

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Włącz przywracanie systemu.

Honkisz · 22 Maj 2008 15:56

Oto raport z Kasperskiego

------------------------------------------------------------------------------

 KASPERSKY ONLINE SCANNER REPORT

 22 maj 2008 17:53:07

 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)

 Kaspersky Online Scanner wersja: 5.0.98.0

 Ostatnia aktualizacja Kaspersky Anti-Virus22/05/2008

 Liczba wpisów w bazie danych Kaspersky Anti-Virus794702

-------------------------------------------------------------------------------


Ustawienia skanowania:

	Skanowanie przy użyciu następujących baz danych: rozszerzone

	Skanuj archiwa: tak

	Skanuj pocztowe bazy danych: tak


Obszar skanowania - Mój komputer:

	C:\

	D:\

	E:\

	G:\


Statystyki skanowania:

	Liczba skanowanych obiektów: 65330

	Liczba wykrytych wirusów: 2

	Liczba zainfekowanych obiektów: 3

	Liczba podejrzanych obiektów: 0

	Czas trwania skanowania: 01:59:38


Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie

C:\Documents and Settings\All Users\Dane aplikacji\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log	Object is locked	pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Cookies\index.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\ntuser.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\ntuser.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\bl.db	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\is2.db	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Historia\History.IE5\index.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Temp\Perflib_Perfdata_760.dat	Object is locked	pominięty

C:\Documents and Settings\Nowak\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat	Object is locked	pominięty

C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt	Object is locked	pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	pominięty

C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	pominięty

C:\WINDOWS\SchedLgU.Txt	Object is locked	pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	pominięty

C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	pominięty

C:\WINDOWS\system32\cisvc.exe.tmp	Zainfekowanych: Trojan-Downloader.Win32.Small.uos	pominięty

C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\default	Object is locked	pominięty

C:\WINDOWS\system32\config\default.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SAM	Object is locked	pominięty

C:\WINDOWS\system32\config\SAM.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\SECURITY	Object is locked	pominięty

C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\software	Object is locked	pominięty

C:\WINDOWS\system32\config\software.LOG	Object is locked	pominięty

C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	pominięty

C:\WINDOWS\system32\config\system	Object is locked	pominięty

C:\WINDOWS\system32\config\system.LOG	Object is locked	pominięty

C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	pominięty

C:\WINDOWS\system32\h323log.txt	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	pominięty

C:\WINDOWS\system32\winmyy32.dll	Zainfekowanych: Trojan.Win32.Dialer.yz	pominięty

C:\WINDOWS\system32\winrkp32.dll	Zainfekowanych: Trojan.Win32.Dialer.yz	pominięty

C:\WINDOWS\WindowsUpdate.log	Object is locked	pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	pominięty


Proces skanowania został zakończony.

huber2t · 22 Maj 2008 16:07

Pobierz Avenger

wklej do niego ten tekst:

Files to delete:

C:\WINDOWS\system32\cisvc.exe.tmp

C:\WINDOWS\system32\winmyy32.dll

C:\WINDOWS\system32\winrkp32.dll

kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Honkisz · 22 Maj 2008 20:11

Nie moge usunąć tych wpisów :(wyskakuje błąd “Error:Invalid scipt. A valid script must begin with a command directive. Aborting execution!”. Co mam zrobic?

W dniu 22.05.2008 , o godzinie 22:11 został dopisany post przez Honkisz

Dobrze juz sie udało Oto Logi:

//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 18:57:27 2008


18:57:27: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 18:57:38 2008


18:57:38: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 18:57:45 2008


18:57:45: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:17:11 2008


21:17:11: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:17:35 2008


21:17:35: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:18:04 2008


21:18:04: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:18:16 2008


21:18:16: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:18:46 2008


21:18:46: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:20:59 2008


21:20:59: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:21:27 2008


21:21:27: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:21:57 2008


21:21:57: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:22:22 2008


21:22:22: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:22:52 2008


21:22:52: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 21:22:55 2008


21:22:55: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 22:07:24 2008


22:07:24: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 22:07:30 2008


22:07:30: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 22:07:32 2008


22:07:32: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 2)

Thu May 22 22:07:36 2008


22:07:36: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!



//////////////////////////////////////////



Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com


Platform: Windows XP


*******************


Script file opened successfully.

Script file read successfully.


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


Rootkit scan active.

No rootkits found!


File "C:\WINDOWS\system32\cisvc.exe.tmp" deleted successfully.

File "C:\WINDOWS\system32\winmyy32.dll" deleted successfully.

File "C:\WINDOWS\system32\winrkp32.dll" deleted successfully.


Completed script processing.


*******************


Finished! Terminate.

huber2t · 23 Maj 2008 02:58

Pliki się ładnie usuneły więc wszystko powinno być ok

Honkisz · 23 Maj 2008 07:46

No teraz komputer działa jak nalezy Internet również dziękuje Ci bardzo za pomoc.pozdrawiam