Witam, nie znam sie zbytnio na kompach ale z zasytosowalem sie do wskazowek z tego forum i zrobilem scan hijackiem. Czy moglby ktos go sprawdzic i powiedziec czy cos jest nie tak??
Logfile of HijackThis v1.99.1 Scan saved at 09:56:20, on 2006-03-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\winlog.exe C:\WINDOWS\system32\anti_troj.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\winlog.exe C:\WINDOWS\system32\anti_troj.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Symantec AntiVirus\VPC32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\Documents and Settings\Marek\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant … gn=efc0605 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant … gn=efc0605 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] D:\Corel 12\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=031706 serial=DR12WEF-7276283-MMV lang=PL O4 - HKLM…\Run: [key2] C:\WINDOWS\system32\winlog.exe O4 - HKLM…\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU…\Run: [key2] C:\WINDOWS\system32\winlog.exe O4 - HKCU…\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe O4 - HKCU…\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing) O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
moze to glupie pytanie, ale przy wlaczaniu komputera nie pojawia mi sie opcja zeby uruchomic w trybie awaryjnym, wiec za abrdzo nie wiem ak to zrobic…
wpisy w hi jacku naprawilem bez awaryjnego ale pliki skasowac sie nie chca
probowalem f8 ale nie dzialal… sprobuje ejszcze raz
adam9870
(adam9870)
4 Marzec 2006 10:10
#6
jak tym razem tez nie zadziala to spruboj F5
Gutek
(Gutek)
4 Marzec 2006 10:14
#7
mistrzgalaktyki przeczytaj co ja dokładnie napisałem
zrobilem to co powiedziales ale komp dalej zwalnia
teraz wyglada to tak:
Logfile of HijackThis v1.99.1 Scan saved at 11:15:52, on 2006-03-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\windows\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Marek\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] D:\Corel 12\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=031706 serial=DR12WEF-7276283-MMV lang=PL O4 - HKLM…\Run: [anti_troj] C:\windows\system32\anti_troj.exe O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU…\Run: [german.exe] C:\windows\system32\wintems.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Gutek
(Gutek)
4 Marzec 2006 10:33
#9
najpierw użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa i przejdź do trybu awaryjnego i pliki na czerwonousuń ręcznie
Poczytaj Optymalizacja XP: http://www.searchengines.pl/phpbb203/in … topic=5989
Proph3T
(Proph3t)
4 Marzec 2006 10:39
#10
To może podaj jaki masz kofig głównie ile masz RAM-u
te pliki usunalem juz wczesniej. nie ma ich. nie wiem czemy wyswietlaja sie w logu
Złączono Posta : 04.03.2006 (Sob) 12:13
jeszcze jedno - przy wlączaniu kompa pojawia mi się wiadomość:
nieprawidlowy plik BOOT.INI
rozruch z C:/Windows/
Gutek
(Gutek)
4 Marzec 2006 11:23
#12
Daj nowy log z HJT
w memu uruchom wpisz:
notepad c:boot.ini
jeżeli coś wyskoczy w notepadzie(oczywiście text) to znaczy że on jest i tylko wpisz
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=“Microsoft Windows XP” /fastdetect
Jeżeli jest pusty to też to wpisz i zapisz. Potem reset
plik byl pusty. wpisalem co mowiles ale przy starcie pojawia sie ta sama wiadomosc.
a to log:
Logfile of HijackThis v1.99.1 Scan saved at 12:37:56, on 2006-03-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\windows\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\windows\System32\svchost.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe D:\Marcin\programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] D:\Corel 12\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=031706 serial=DR12WEF-7276283-MMV lang=PL O4 - HKLM…\Run: [anti_troj] C:\windows\system32\anti_troj.exe O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU…\Run: [german.exe] C:\windows\system32\wintems.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Gutek
(Gutek)
4 Marzec 2006 11:46
#14
mistrzgalaktyki:
wpisalem co mowiles ale
dałeś zapisz?
Zobacz http://support.microsoft.com//kb/330184/pl
Pliki nadal sa:
Użyj Pocket Killbox . Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki C:\WINDOWS\System32\wintems.exe
C:\WINDOWS\System32\anti_troj.exe i naciskasz X czerwony . Program poprosi o reset kompa … czyli resetujesz.
zrobilem co mowiles ale chyba nic nie dalo
nowy log:
Logfile of HijackThis v1.99.1 Scan saved at 13:27:03, on 2006-03-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\windows\system32\spoolsv.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\windows\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe D:\Marcin\programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] D:\Corel 12\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=031706 serial=DR12WEF-7276283-MMV lang=PL O4 - HKLM…\Run: [anti_troj] C:\windows\system32\anti_troj.exe O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU…\Run: [german.exe] C:\windows\system32\wintems.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Gutek
(Gutek)
4 Marzec 2006 12:33
#16
coś nie tak zrobiłeś?- był restrat po tym jak ostania linijkę zapakowałeś? Jkais bład wyskoczył coś wiecej mogłes napisać? daj log z Sielnta - http://forum.dobreprogramy.pl/viewtopic.php?t=36654
skanujac programem symantec anivirus znajduje jeszcze plik NDNuninstall6_38.exe tyle ze nic z tym nie robi… czy to tez moze byc jakis problem???
Złączono Posta : 04.03.2006 (Sob) 13:47
skanujac programem symantec anivirus znajduje jeszcze w katalogu WINDOWS plik NDNuninstall6_38.exe tyle ze nic z tym nie robi… czy to tez moze byc jakis problem???
Złączono Posta : 04.03.2006 (Sob) 13:55
wkleilem najpierw sciezke pierwszego pliku i skasowalem a potem drugiego… ale nikt mnie nie prosil o restart… sam to zrobilem
Gutek
(Gutek)
4 Marzec 2006 12:58
#18
Zaznaczasz co mówię? -
Dorzuć C:\WINDOWS\NDNuninstall6_38.exe do programu
log z silenta :
“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “german.exe” = “C:\windows\system32\wintems.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [“HP”] “HP Component Manager” = ““C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”” [“Hewlett-Packard Company”] “HP Software Update” = ““C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”” [“Hewlett-Packard Company”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe” [“Sun Microsystems, Inc.”] “PCSuiteTrayApplication” = “C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray” [“Nokia”] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “CorelDRAW Graphics Suite 11b” = “D:\Corel 12\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=031706 serial=DR12WEF-7276283-MMV lang=PL” [“Corel Corporation”] “anti_troj” = “C:\windows\system32\anti_troj.exe” [file not found] “vptray” = “C:\PROGRA~1\SYMANT~1\VPTray.exe” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID] -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {CLSID}\InProcServer32(Default) = “C:\windows\system32\browseui.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {CLSID}\InProcServer32(Default) = “C:\windows\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {CLSID}\InProcServer32(Default) = “C:\windows\system32\Audiodev.dll” [MS] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] INFECTION WARNING! NavLogon\DLLName = “C:\WINDOWS\system32\NavLogon.dll” [“Symantec Corporation”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {04849C74-016E-4A43-8AA5-1F01DE57F4A1}\ “ButtonText” = “Trace” “MenuText” = “VisualRoute Trace” “CLSIDExtension” = “{8C85E2EE-9FD6-11D5-B770-504D54C10000}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\VisualRoute\vrie.dll” [“VisualWare”] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Symantec AntiVirus, Symantec AntiVirus, ““C:\Program Files\Symantec AntiVirus\Rtvscan.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt10\Driver = “hpzlnt10.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 26 seconds, including 5 seconds for message boxes)
Złączono Posta : 04.03.2006 (Sob) 14:00
robie wszystko zgodnie z twoimi instrukcjami
Gutek
(Gutek)
4 Marzec 2006 13:06
#20
Otwórz notatnik i wklej:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG .