Trebron
(Trebron)
15 May 2006 05:17
#1
Hello. I have the following problem. While using the FTP client CuteFTP 6.1, and when some connection error occurs, the computer suddenly restarts. The same thing happened once while using GG. After switching it back on, a system error window appears:
When I open the error's properties, this window appears:
What should I do to stop these restarts? Please help.
Log HiJackThis
Logfile of HijackThis v1.99.1
Scan saved at 07:12:59, on 2006-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Trebronus\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pspolska.pl/download/aktualizacje/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 125.243.145.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE” /s
O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe”
O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP
O4 - HKLM…\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O8 - Extra context menu item: Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: Download with DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [iNTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip…{45FE323D-20A3-478D-AF03-CEEFCAAC73DE}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{45FE323D-20A3-478D-AF03-CEEFCAAC73DE}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip…{45FE323D-20A3-478D-AF03-CEEFCAAC73DE}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip…{45FE323D-20A3-478D-AF03-CEEFCAAC73DE}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: winmrj32 - winmrj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Gutek
(Gutek)
15 May 2006 06:12
#2
Remove the entries with HijackThis
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177 or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the file you created and confirm >>> restart the computer
Post a log from Silent Runners http://forum.dobreprogramy.pl/viewtopic.php?t=36654
Trebron
(Trebron)
15 May 2006 10:33
#3
I removed the entries and cleaned up, as Gutek wrote. Unfortunately the problem persists. It is probably not the program's fault, because the problem does not occur in Safe Mode. Everything is OK there. When I connect to a server that returns error 421, nothing happens in Safe Mode, but in normal mode the computer restarts.
Log
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“WheelMouse” = “C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co.,Ltd.”]
“APVXDWIN” = ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE” /s” [“Panda Software International”]
“SCANINICIO” = ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe”” [“Panda Software International”]
“DownloadAccelerator” = ““C:\Program Files\DAP\DAP.EXE” /STARTUP” [“Speedbit Ltd.”]
“Accelerate” = “C:\Program Files\Webroot\Accelerate\accelerate.exe /S” [“Webroot Software, Inc.”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]
“NWEReboot” = (empty string)
“NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{AE7CD045-E861-484f-8273-0445EE161910}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEToolbarHelper Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band”
  -> {HKLM…CLSID} = “IE Search Band”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer”
  -> {HKLM…CLSID} = “Shell DocObject Viewer”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut”
  -> {HKLM…CLSID} = “Internet Shortcut”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service”
  -> {HKLM…CLSID} = “Microsoft Url History Service”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FF393560-C2A7-11CF-BFF4-444553540000}” = “History”
  -> {HKLM…CLSID} = “History”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
  -> {HKLM…CLSID} = “Temporary Internet Files”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
  -> {HKLM…CLSID} = “Temporary Internet Files”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook”
  -> {HKLM…CLSID} = “Microsoft Url Search Hook”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet”
  -> {HKLM…CLSID} = “The Internet”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus”
  -> {HKLM…CLSID} = “Panda Antivirus”
  \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL” [“Panda Software”]
“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”
  -> {HKLM…CLSID} = “Portable Media Devices”
  \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
  -> {HKLM…CLSID} = “Portable Media Devices Menu”
  \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
  -> {HKLM…CLSID} = “Microsoft Office Outlook”
  \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
  -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” = “Adobe.Acrobat.ContextMenu”
  -> {HKLM…CLSID} = “Acrobat Elements Context Menu”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
  \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
  \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
  -> {HKLM…CLSID} = “NVIDIA CPL Extension”
  \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
  \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”
  -> {HKLM…CLSID} = “NeroDigitalIconHandler Class”
  \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]
“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”
  -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”
  \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]
“{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar”
  -> {HKLM…CLSID} = “IE Navigation Bar”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete”
  -> {HKLM…CLSID} = “IE AutoComplete”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band”
  -> {HKLM…CLSID} = “IE Menu Band”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand”
  -> {HKLM…CLSID} = “IE IShellFolderBand”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links”
  -> {HKLM…CLSID} = “&Links”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task”
  -> {HKLM…CLSID} = “IE Fade Task”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu”
  -> {HKLM…CLSID} = “IE Tracking Shell Menu”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site”
  -> {HKLM…CLSID} = “IE Menu Site”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand”
  -> {HKLM…CLSID} = “IE Microsoft BrowserBand”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{0D6D4F41-2994-4ba0-8FEF-620E43CD2812}” = “IE Microsoft Internet Toolbar”
  -> {HKLM…CLSID} = “IE Microsoft Internet Toolbar”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar”
  -> {HKLM…CLSID} = “IE Menu Desk Bar”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{482A7CB3-2EDF-4595-A315-A5244F1E96E6}” = “IE Search Control”
  -> {HKLM…CLSID} = “IE Search Control”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List”
  -> {HKLM…CLSID} = “IE Microsoft History AutoComplete List”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}” = “Explorer Search Band”
  -> {HKLM…CLSID} = “Explorer Search Band”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy”
  -> {HKLM…CLSID} = “IE BandProxy”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7E48925F-FF5C-47fa-A99A-F5912A10623B}” = “IE Address EditBox”
  -> {HKLM…CLSID} = “IE Address EditBox”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List”
  -> {HKLM…CLSID} = “IE MRU AutoComplete List”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List”
  -> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container”
  -> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture”
  -> {HKLM…CLSID} = “Microsoft Browser Architecture”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite”
  -> {HKLM…CLSID} = “IE Shell Rebar BandSite”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}” = “Explorer Travel Band”
  -> {HKLM…CLSID} = “Explorer Travel Band”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{DE011590-0531-4804-9C9C-3FEDC7E6E5C8}” = “IE &Address”
  -> {HKLM…CLSID} = “IE &Address”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu”
  -> {HKLM…CLSID} = “IE Shell Band Site Menu”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F0353E1D-FEEC-474e-A984-1E5C6865E380}” = “IE Global Folder Settings”
  -> {HKLM…CLSID} = “IE Global Folder Settings”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility”
  -> {HKLM…CLSID} = “IE Registry Tree Options Utility”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist”
  -> {HKLM…CLSID} = “IE User Assist”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List”
  -> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! “{553858A7-4922-4e7e-B1C1-97140C1C16EF}” = “IE Component Categories cache daemon”
  -> {HKLM…CLSID} = “IE Component Categories cache daemon”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! “BootExecute” = “autocheck autochk *” [file not found], [MS], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! avldr\DLLName = “avldr.dll” [“Panda Software”]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”
  -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”
  \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  -> {HKLM…CLSID} = “PDF Shell Extension”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu(Default) = “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}”
  -> {HKLM…CLSID} = “Acrobat Elements Context Menu”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”]
DAP_Menu(Default) = “{BED4C38B-F765-45AC-8C56-613F76BBF43E}”
  -> {HKLM…CLSID} = “DAPMenuShellExt Class”
  \InProcServer32(Default) = “C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL” [“Speedbit Ltd.”]
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
  -> {HKLM…CLSID} = “Panda Antivirus”
  \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL” [“Panda Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
  -> {HKLM…CLSID} = “Panda Antivirus”
  \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL” [“Panda Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Trebronus\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll ["Panda Software "], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{47833539-D0C5-4125-9FA8-0819E2EAAC93}”
  -> {HKLM…CLSID} = “Adobe PDF”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll” [“Adobe Systems Incorporated”]
“{F2CF5485-4E02-4F68-819C-B92DE9277049}”
  -> {HKLM…CLSID} = “&Links”
  \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{47833539-D0C5-4125-9FA8-0819E2EAAC93}” = (no title provided)
  -> {HKLM…CLSID} = “Adobe PDF”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll” [“Adobe Systems Incorporated”]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Adobe PDF”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll” [“Adobe Systems Incorporated”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}”
  -> {HKLM…CLSID} = “Java Plug-in 1.5.0_04”
  \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)

Added lines (compared with English-language version):
[strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
[strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”

Missing lines (compared with English-language version):
[strings]: 2 lines

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS]
HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS]
HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]
HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]
HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]
HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
NetLimiter, nlsvc, ““C:\Program Files\NetLimiter 2 Pro\nlsvc.exe”” [“Locktime Software”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe”” [“Panda Software”]
Panda Antispam Engine, pmshellsrv, “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe” [“PANDA SOFTWARE”]
Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe”” [“Panda Software”]
Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe”” [“Panda Software Internacional”]
Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE”” [“Panda Software”]
Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”]
Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe”” [“Panda Software”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = “C:\WINDOWS\System32\AdobePDF.dll” [“Adobe Systems Incorporated.”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box.
---------- (total run time: 58 seconds, including 12 seconds for message boxes)
Gutek
(Gutek)
15 May 2006 12:45
#4
Cosmetic: please open the registry editor (Start >>> Run >>> regedit) and go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager. There, double-click the BootExecute value and delete everything from the box except autocheck autochk *.
I don't see anything. Check Start >>> Run >>> eventvwr; what comes up most often?