adamawa
(Adamawa13)
6 September 2007 17:49
#1
The computer was formatted yesterday, all the drivers were installed and the programs reinstalled. Today I come back from the gym, start GG, try to close its window, and the program hangs together with the whole system. I can only move the mouse: there is no reaction when I click an icon (it looks as if I had not clicked it at all) and no reaction when I try to open the Start Menu or Task Manager from the keyboard. This happens every time after the computer is switched on; after a few minutes it simply hangs regardless of what I am doing. I am writing now from Safe Mode, because from there it runs without problems.
Logfile of HijackThis v1.99.1
Scan saved at 16:37:47, on 2007-09-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobereader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Daemon\daemon.exe” -lang 1033 -noicon
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Startup: TrayIt!.lnk = E:\trayit\trayit!.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra ‘Tools’ menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Windows Firewall” = “C:\WINDOWS\System32\drivers\svchost.exe” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“CTHelper” = “CTHELPER.EXE” [“Creative Technology Ltd”]
“UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]
“DAEMON Tools-1033” = ““E:\Daemon\daemon.exe” -lang 1033 -noicon” [“DAEMON’S HOME”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Inc.”]
“Windows Firewall” = “C:\WINDOWS\System32\drivers\svchost.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}(Default) = “IE7Pro”
  -> {HKLM…CLSID} = “IE7Pro BHO”
     \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7Pro.dll” [“IE7Pro.com ”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
     \InProcServer32(Default) = “E:\adobereader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture”
  -> {HKLM…CLSID} = “BitComet Helper”
     \InProcServer32(Default) = “E:\BitComet\tools\BitCometBHO_1.1.7.4.dll” [“BitComet”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
     \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
     \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band”
  -> {HKLM…CLSID} = “IE Search Band”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer”
  -> {HKLM…CLSID} = “Shell DocObject Viewer”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut”
  -> {HKLM…CLSID} = “Internet Shortcut”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service”
  -> {HKLM…CLSID} = “Microsoft Url History Service”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FF393560-C2A7-11CF-BFF4-444553540000}” = “History”
  -> {HKLM…CLSID} = “History”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
  -> {HKLM…CLSID} = “Temporary Internet Files”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
  -> {HKLM…CLSID} = “Temporary Internet Files”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook”
  -> {HKLM…CLSID} = “Microsoft Url Search Hook”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet”
  -> {HKLM…CLSID} = “The Internet”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
  -> {HKLM…CLSID} = “NVIDIA CPL Extension”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data]
“{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand”
  -> {HKLM…CLSID} = “IE Microsoft BrowserBand”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task”
  -> {HKLM…CLSID} = “IE Fade Task”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar”
  -> {HKLM…CLSID} = “IE Menu Desk Bar”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete”
  -> {HKLM…CLSID} = “IE AutoComplete”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar”
  -> {HKLM…CLSID} = “IE Navigation Bar”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site”
  -> {HKLM…CLSID} = “IE Menu Site”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band”
  -> {HKLM…CLSID} = “IE Menu Band”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List”
  -> {HKLM…CLSID} = “IE Microsoft History AutoComplete List”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu”
  -> {HKLM…CLSID} = “IE Tracking Shell Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy”
  -> {HKLM…CLSID} = “IE BandProxy”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List”
  -> {HKLM…CLSID} = “IE MRU AutoComplete List”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}” = “IE RSS Feeder Folder”
  -> {HKLM…CLSID} = “IE RSS Feeds Folder”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List”
  -> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container”
  -> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture”
  -> {HKLM…CLSID} = “Microsoft Browser Architecture”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite”
  -> {HKLM…CLSID} = “IE Shell Rebar BandSite”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu”
  -> {HKLM…CLSID} = “IE Shell Band Site Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links”
  -> {HKLM…CLSID} = “&Links”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility”
  -> {HKLM…CLSID} = “IE Registry Tree Options Utility”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist”
  -> {HKLM…CLSID} = “IE User Assist”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List”
  -> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List”
     \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”
  -> {HKLM…CLSID} = “Portable Media Devices”
     \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{35786D3C-B075-49b9-88DD-029876E11C01}” = “Portable Devices”
  -> {HKLM…CLSID} = “Portable Devices”
     \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS]
“{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}” = “Portable Devices Menu”
  -> {HKLM…CLSID} = “Portable Devices Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
  -> {HKLM…CLSID} = “WPDShServiceObj Class”
     \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  -> {HKLM…CLSID} = “PDF Shell Extension”
     \InProcServer32(Default) = “E:\adobereader\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “E:\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Startup items in “Adam” & “All Users” startup folders:
------------------------------------------------------

C:\Documents and Settings\Adam\Menu Start\Programy\Autostart
“TrayIt!” -> shortcut to: “E:\trayit\trayit!.exe” [“Igor Nys”]

Enabled Scheduled Tasks:
------------------------

“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
“ButtonText” = “IE7Pro Preferences”
“MenuText” = “IE7Pro Preferences”
“CLSIDExtension” = “{B119EB0C-C021-46CF-85B0-34A760E0D5FE}”
  -> {HKLM…CLSID} = “IE7Pro ToolsExt”
     \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7Pro.dll” [“IE7Pro.com ”]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
“ButtonText” = “BitComet Search”

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)

Added lines (compared with English-language version):
[strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
[strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”

Missing lines (compared with English-language version):
[strings]: 2 lines

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS]
HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS]
HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]
HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]
HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]
HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]

HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 235 domain names to IP addresses,
234 of the IP addresses are *not* localhost!

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”]
HTTP SSL, HTTPFilter, “C:\WINDOWS\System32\svchost.exe -k HTTPFilter” {“C:\WINDOWS\System32\w3ssl.dll” [MS]}
iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Inc.”]
Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
Usługa administracyjna Menedżera dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”]
Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]}
Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\MsPMSNSv.dll” [MS]}
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\WMPNetwk.exe”” [MS]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]}
WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box.
---------- (total run time: 28 seconds, including 10 seconds for message boxes)
Gutek
(Gutek)
6 September 2007 19:51
#2
Use HostsXpert and restore the hosts file to its default settings.
Post a ComboFix log.
Gutek
(Gutek)
6 September 2007 20:25
#4
Open Notepad and paste this into it:
File >>> Save as >>> change the extension from TXT to All files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Download SDFix.
adamawa
(Adamawa13)
6 September 2007 20:37
#5
I'm still stuck in Safe Mode …
adamawa
(Adamawa13)
6 September 2007 20:53
#7
Thanks for the help, but unfortunately it is not OK: the problem remains. I noticed that before the hang, something like wmipriv.exe starts up in Task Manager (it doesn't have to be exactly that, maybe mspriv…) … ? and I think the hang kicked in after that.
Gutek
(Gutek)
6 September 2007 21:03
#8
adamawa
(Adamawa13)
7 September 2007 13:32
#9
The file is called exactly: msprivs.exe
I did the Autostart optimisation and the registry cleaning with EasyCleaner.
Report:
Gutek
(Gutek)
7 September 2007 21:59
#10
You download cracks and then there's a problem!
Turn System Restore off and on again.
Use Pocket Killbox. Select the Delete on Reboot option and, in the Full Path of File to Delete field, paste the path
C:\WINDOWS\System32\msprivs.exe
and click the red X. The program will ask to reboot the computer … so you reboot.
adamawa
(Adamawa13)
8 September 2007 09:31
#11
I doubt it's because of that; I don't remember when I last ran one, and certainly not after the format.
I do as you write, and when the countdown ends this pops up:
It seems to me that no such file exists, because I wanted to delete it myself and found only msprivs.dll, so maybe I should delete that file? But one more option to tick appeared - unregister dll before deleting… should I tick it?
EDIT: problem solved. Of course, people do make mistakes - it was a different file, wmipriv*.exe; I deleted it with Killbox and the trouble is gone. Thanks for the help.
Gutek
(Gutek)
8 September 2007 16:28
#12
But you did download it.
Use Pocket Killbox in Safe Mode.