13jola
4 Grudzień 2006 21:42
#1
2 tygodnie temu pojawił się problem. Przy starcie "przepraszamy, zostanie wyłączona aplikacja simpler.exe, kilka razy w ciągu pracy, szczególnie po uruchomieniu wyskakują informacje (system ochrony Kaspersky) Trojan.Win32.Tiny.dl, Trojan.Win32.Dlena.an. Walczyłam, ale jestem w tym kiepska i nie radzę sobie (stosowałam Terminatora od Was).
Pobrałam program i staram się dobrze wkleić hijackthis.log. PROSZĘ o pomoc.
Logfile of HijackThis v1.99.1
Scan saved at 22:22:53, on 2006-12-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\DOCUME~1\Jola\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Uninstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F370C-1220-4D01-94D8-4D0F5B2074A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAFF892-9568-4E4B-95FA-30E129AF97CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC26F1CC-33B6-46FE-9378-A9D3C88F9CA3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Jola na początku “" a na końcu "”. Miedzy nimi log z HJ. Masz napewno śmieci ale to ci pomogą fachowcy. Zapewne tu siedzi:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O4 - Global Startup: Uninstall.exe
ale moge się mylić i pewnie w innych miejscach. Dorzuć tez log z Silenta.
13jola
4 Grudzień 2006 22:10
#3
Przepraszam. Jeszcze raz:
Logfile of HijackThis v1.99.1
Scan saved at 22:22:53, on 2006-12-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\DOCUME~1\Jola\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Uninstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F370C-1220-4D01-94D8-4D0F5B2074A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAFF892-9568-4E4B-95FA-30E129AF97CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC26F1CC-33B6-46FE-9378-A9D3C88F9CA3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Możesz użyc przycisku “zmień” po prawej i to poprawić
Złączono Posta : 04.12.2006 (Pon) 23:13
Czekając na pomoc kogoś bardziej rozgarniętego niz ja poczytaj: http://forum.dobreprogramy.pl/viewtopic.php?t=36654
bo ci się przyda.
Joan
4 Grudzień 2006 22:32
#5
Wyłączasz przywracanie systemu (Panel sterowania -> System -> Przywracanie systemu -> zaznaczasz „Wyłącz przywracanie systemu” ).
W HJT odpalonym z trybie awaryjnym zaznaczasz wpisy i klikasz na dole “Fix checked” , to co na czerwono usuwasz ręcznie z dysku:
Po zabiegach nowe logi z HiJacka oraz Silent Runners No i czekasz aż skończy pracować w tle).
Jak poczytałas to dorzuć log z Silenta w “opcji” NO (lub NIE) i czekając aż skończy i poinformuje o tym (może to trwać około 1 minuty lub dłużej)
13jola
4 Grudzień 2006 23:04
#7
Po wykonaniu
hijacthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 23:57:31, on 2006-12-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jola\USTAWI~1\Temp\Rar$EX01.312\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F370C-1220-4D01-94D8-4D0F5B2074A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAFF892-9568-4E4B-95FA-30E129AF97CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC26F1CC-33B6-46FE-9378-A9D3C88F9CA3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Trochę gorzej mi idzie z Silent Run. Zaczął już kilka minut temu i narazie nic…
Silent może i kilka minut chodzić. Ale widze że dwa wpisy zostały:
Napewno je usuwałaś??
13jola
4 Grudzień 2006 23:12
#9
Tylko to, co na czerwono. Trzymałam się instrukcji
Joan
4 Grudzień 2006 23:28
#10
Hmm dziwne nie było syfu a jest… no ale działamy
Ściągasz GMERA
W zakładke CMD -> CMD wklej:
Klikasz Uruchom
W HJT zaznaczasz wpisy i klikasz na dole “Fix checked” :
Dajesz nowe logi, koniecznie też z SilentRunners.
13jola
4 Grudzień 2006 23:32
#11
Przed chwilą znowu ostrzeżenie (Kaspersky) T.Win321.Dlena.an. Wklejam z silenta…
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" ["OLYMPUS IMAGING CORP."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DeviceDiscovery" = ""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"" ["Hewlett-Packard"]
"InCD" = ""C:\Program Files\Ahead\InCD\InCD.exe"" ["Copyright (C) ahead software gmbh and its licensors"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"OM_Monitor" = ""C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"" ["OLYMPUS IMAGING CORP."]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{10384d0e-2bc1-48b6-844b-ad0e9e6d2511}\(Default) = "AH IE BHO"
-> {HKLM...CLSID} = "AhIeBho Class"
\InProcServer32\(Default) = "C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll" ["Ai Squared "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
-> {HKLM...CLSID} = "SidebarIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" [file not found]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"SsiEfr.exe" [file not found]|"SsiEfr.exe" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> rpcc\DLLName = "C:\WINDOWS\System32\rpcc.dll" [null data]
<> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
IGXMADD\(Default) = "{6DB8751F-2BBF-11d2-A39B-00C04FB96AD2}"
-> {HKLM...CLSID} = "Micrografx Share Media File Import Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Corel\CorelDRAW ESSENTIALS 2\Photobook\Share\Media\igxMadd.dll" ["Micrografx, Inc."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Default executables:
--------------------
HKLM\Software\Classes\.scr\(Default) = "Icad.load.scr"
<> HKLM\Software\Classes\Icad.load.scr\shell\open\command\(Default) = "Notepad.exe '%1'" [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "None"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jola\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
squeet
4 Grudzień 2006 23:51
#12
13jola ustalmy jedną rzecz.
Najpierw przeczytaj, o co proszą osoby sprawdzające logi.
Silent jest ucięty - poczekaj na komunikat.
13jola
4 Grudzień 2006 23:52
#13
Zrobiłam :
Logfile of HijackThis v1.99.1
Scan saved at 00:49:31, on 2006-12-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jola\USTAWI~1\Temp\Rar$EX15.938\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F370C-1220-4D01-94D8-4D0F5B2074A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAFF892-9568-4E4B-95FA-30E129AF97CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC26F1CC-33B6-46FE-9378-A9D3C88F9CA3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Złączono Posta : 05.12.2006 (Wto) 0:54
Z silentem walczę od pół godziny. Nie wychodzi to najlepiej. Przepraszam za obcięcie. Próbuję jeszcze raz.
Joan
5 Grudzień 2006 00:02
#14
Jeszcze raz, po kolei.
Ściągasz narzędzie KillBox All Files i wklejasz do pola Full Path of File to Delete ścieżkę:
C:\WINDOWS\System32\rpcc.dll
Klikasz X i reset sysa.
Otwórz notatnik i wklej w nim to:
Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
Potem nowe logi z Hijacka i SilentRunners i, tak jak napisał squeet , Silent ma być cały. To może potrwać
13jola
5 Grudzień 2006 00:16
#15
Po naciśnięciu w KillBox pojawia się ostrzeżenie ie Backup & Delete C:\WINDOWS\System32\rpcc.dll TAK/ NIE. Po zatwierdzeniu:This File could not be Deleted… OK
Joan
5 Grudzień 2006 00:20
#16
To jeszcze inaczej.
Pobierz i uruchom narzędzie The Avenger Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:
Klikasz Done , a następnie zielone światełko i zgadzasz się na restart klikając OK .
Resztę robisz dokładnie tak, jak napisałam wyżej
13jola
5 Grudzień 2006 00:28
#17
Udało mi się doprowadzić do końca. Jestem na etapie wklejenia do notatnika,ale zmień rozszerzenie na wszystkie pliki, odpal???, potwierdź dodanie do rejestru (gdzie go zapisać)
Joan
5 Grudzień 2006 00:32
#18
Zapisujesz gdziekolwiek, to jest nieważne > sugeruję pulpit.
Ma być plik o nazwie fix.reg , czyli w notatniku zmieniasz domyślne rozszerzenie na “wszystkie pliki”, żeby zapisać z rozszerzeniem “.reg”. Potem utworzony plik uruchamiasz, system pyta, czy dodać do rejestru, zgadzasz się.
Potem wklejasz tu nowe logi.
13jola
5 Grudzień 2006 00:37
#19
Jest odpowiedź: Nie można zaimportować C:\ DOCUME~~1\Pulpit\FIX.REG: Określony plik nie jest skryptem rejestru. Można importować tylko binarne pliki rejestru z wewnątrz Edfytora tekstu
Złączono Posta : 05.12.2006 (Wto) 1:41
Już, po drugiej próbie (powtórzyłam całą procedurę) wszedł. Resetuję komputer.
Złączono Posta : 05.12.2006 (Wto) 1:59
Wklejam logi po restarcie:
Logfile of HijackThis v1.99.1
Scan saved at 02:12:51, on 2006-12-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Jola\USTAWI~1\Temp\Rar$EX12.844\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F370C-1220-4D01-94D8-4D0F5B2074A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAFF892-9568-4E4B-95FA-30E129AF97CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC26F1CC-33B6-46FE-9378-A9D3C88F9CA3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
i następny:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"OM_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" ["OLYMPUS IMAGING CORP."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DeviceDiscovery" = ""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"" ["Hewlett-Packard"]
"InCD" = ""C:\Program Files\Ahead\InCD\InCD.exe"" ["Copyright (C) ahead software gmbh and its licensors"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"OM_Monitor" = ""C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"" ["OLYMPUS IMAGING CORP."]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{10384d0e-2bc1-48b6-844b-ad0e9e6d2511}\(Default) = "AH IE BHO"
-> {HKLM...CLSID} = "AhIeBho Class"
\InProcServer32\(Default) = "C:\Program Files\ZoomText 8.1\AHOI\ah_ie_bho.dll" ["Ai Squared "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Czy dobrze???
Gutek
5 Grudzień 2006 01:12
#20
usuń wpis HJT
Silent niepełny:
W notatniku wklej:
Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa
Po wszystkim nowe logi
