After installing the service pack I have no internet


(Areecki 18) #1

So I installed service pack 1 & 2 and after the restart I had no internet, that is, I was connected, but first avast popped up saying someone was attacking me from some IP, I repelled the attack, and now I have no internet, I can't browse websites, I don't know how to turn that off in avast... Now I've uninstalled avast and turned off all the firewalls and updates in Windows, and for now the internet works... Always, just before the connection drops, my Windows skin changes for a moment...

Please help!!!


(Gutek) #2

Question: when you turn on the Windows firewall, do you have internet? Post a log from HJT + Silent - http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(Areecki 18) #3

Now I've uninstalled avast and service pack 2...

Instead, a beautiful error popped up a moment ago (after uninstalling the service pack):

http://www.fotosik.pl/pokaz_obrazek/172 ... 13d78.html

As for the question...

- If I turn on the firewall and have avast running - no internet

- If I turn off avast with the firewall on - no internet

- If I turn off both - no internet, because something from the service pack is probably blocking it

Only when I uninstalled the service pack and avast does my internet work...

I'll add that I installed service pack 1 & 2 (the installation went fine) and earlier I had avast and internet, so there's probably something wrong with this service pack or with the settings in its firewalls...

In a moment I'll post the logs, and I'm also asking for some reliable service pack 2 so I can install it and we'll see what happens... Because I need the service pack for a game and avast also has to be on the computer, so the problem absolutely has to be solved...

OK, I'm getting on with the logs, maybe they'll show something...

Oh, and now the internet is crawling again and an error popped up about some module!!!

I feel a format coming!!!

Merged post: 21.09.2007 (Fri) 1:17

Logfile of HijackThis v1.99.1

Scan saved at 01:15:47, on 2007-09-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\System32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\dllcache\services.exe

C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe

C:\windows\system\NOTEPAD.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\windows\System32\svchost.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\windows\System32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Neostrada TP\taskbaricon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe

C:\Program Files\Winamp\winampa.exe

C:\windows\System32\mssmpp.exe

C:\windows\System32\ctfmon.exe

C:\Program Files\NetMeter\NetMeter.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\windows\System32\WScript.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Opera\Opera.exe

D:\akcesoria\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\windows\System32\gebxwvs.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll

O2 - BHO: (no name) - {f686506f-c42c-4f70-9141-f173810a166a} - C:\windows\system32\dcom857.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\system32\msdxm.ocx

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Winamp Agent] C:\windows\System32\winamp.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\windows\System32\xhqvfdfu.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe

O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [C] C:\Program Files\NetMeter\NetMeter.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1057B05-7E53-4DA8-9EE8-289D77231E20}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dcom857 - C:\windows\SYSTEM32\dcom857.dll

O20 - Winlogon Notify: gebxwvs - C:\windows\SYSTEM32\gebxwvs.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Mims service (Mimserv) - Unknown owner - C:\windows\system32\dllcache\services.exe

O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

O23 - Service: NOTEPAD - Unknown owner - C:\windows\system\NOTEPAD.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Merged post: 21.09.2007 (Fri) 2:11

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\windows\System32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" [file not found]

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"C:\Program Files\NetMeter\NetMeter.exe" = "C:\Program Files\NetMeter\NetMeter.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom RD"]

"WOOTASKBARICON" = "C:\Program Files\Neostrada TP\taskbaricon.exe" ["France Télécom RD"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"Resume copy" = "copyfstq.exe /startup" [null data]

"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"" [MS]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"Winamp Agent" = "C:\windows\System32\winamp.exe" [file not found]

"Advanced DHTML Enable" = "C:\windows\System32\xhqvfdfu.exe" [file not found]

"Microsft Security Monitor Process" = "mssmpp.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

  - {HKLM...CLSID} = "Yahoo! Toolbar Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{733E9132-53CA-4C97-9AC9-145C4502FA20}\(Default) = (no title provided)

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\windows\System32\gebxwvs.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  - {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}\(Default) = (no title provided)

  - {HKLM...CLSID} = "Alcohol Toolbar Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

  - {HKLM...CLSID} = "Windows Live Sign-in Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)

  - {HKLM...CLSID} = "ST"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

  - {HKLM...CLSID} = "MSNToolBandBHO"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [MS]

{f686506f-c42c-4f70-9141-f173810a166a}\(Default) = (no title provided)

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\windows\system32\dcom857.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  - {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  - {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  - {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"

  - {HKLM...CLSID} = "QCopy"

                   \InProcServer32\(Default) = "dropcpyr.dll" [null data]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  - {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  - {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"

  - {HKLM...CLSID} = "JetFlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  - {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"

  - {HKLM...CLSID} = "Previous Versions Property Page"

                   \InProcServer32\(Default) = "C:\windows\System32\twext.dll" [file not found]

"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"

  - {HKLM...CLSID} = "Previous Versions"

                   \InProcServer32\(Default) = "C:\windows\System32\twext.dll" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

 "{733E9132-53CA-4C97-9AC9-145C4502FA20}" = "*U" (unwritable string)

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\windows\System32\gebxwvs.dll" [null data]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

 AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 dcom857\DLLName = "dcom857.dll" [null data]

 gebxwvs\DLLName = "gebxwvs.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  - {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  - {HKLM...CLSID} = "JetFlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

  - {HKLM...CLSID} = "JetFlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\Areecki\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Areecki\Dane aplikacji\Opera\Opera\profile\skin\109.bmp"



Startup items in "Areecki" "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"ATI CATALYST System Tray" - shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" - launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  - {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}"

  - {HKLM...CLSID} = "Alcohol Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

  - {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [MS]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

  - {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}" = "Alcohol Toolbar"

  - {HKLM...CLSID} = "Alcohol Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"

  - {HKLM...CLSID} = "MSN"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll" [MS]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

  - {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

  - {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

 "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  - {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*]" (unwritable string)

  - {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\windows\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

Local Service, Local Service, ""C:\windows\wuauapl.exe"" ["Microsoft® Windows Defender 32Bit Driver"]

Mims service, Mimserv, ""C:\windows\system32\dllcache\services.exe"" [null data]

MWAgent, MWAgent, "C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE" ["MicroWorld Technologies Inc."]

NOTEPAD, NOTEPAD, ""C:\windows\system\NOTEPAD.exe"" [null data]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Usługa Messenger Sharing Folders USN Journal Reader, usnjsvc, "C:\Program Files\MSN Messenger\usnsvc.exe" [MS]



----------

: Suspicious data at a malware launch point.

: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 1945 seconds, including 5 seconds for message boxes)

Merged post: 21.09.2007 (Fri) 2:18

The second log took me 40 min...

My internet runs like an old granddad after the war...

waiting for suggestions

Merged post: 21.09.2007 (Fri) 10:44

Can anyone help me??? :frowning:
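As an added example (not code from the thread, from HijackThis or from its author), a small Python triage helper that applies the kind of reading jessica does by hand to the O2/O4/O20/O23 sections of the HijackThis log above: nameless BHOs that still have a DLL on disk, Winlogon Notify DLLs that double as those BHOs, Run entries that imitate a Microsoft name or are launched by bare file name, and "Unknown owner" services reusing a system binary name outside its expected folder. The sample lines are copied from the posted log; the heuristics, the similarity threshold and the expected-folder list are this example's assumptions, not HijackThis rules.

```python
"""Triage heuristics for HijackThis 1.99 log lines (defender's reading aid).

Added example; heuristics and thresholds are assumptions of this example.
"""
import difflib
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O2/O4/O20/O23 lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\windows\System32\gebxwvs.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {f686506f-c42c-4f70-9141-f173810a166a} - C:\windows\system32\dcom857.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O20 - Winlogon Notify: dcom857 - C:\windows\SYSTEM32\dcom857.dll
O20 - Winlogon Notify: gebxwvs - C:\windows\SYSTEM32\gebxwvs.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: Mims service (Mimserv) - Unknown owner - C:\windows\system32\dllcache\services.exe
O23 - Service: NOTEPAD - Unknown owner - C:\windows\system\NOTEPAD.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[^}]+\} - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")

# Assumption: these binary names belong in \windows\system32 or \windows only.
SYSTEM_BINARIES = {"services.exe", "notepad.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
BRANDS = ("microsoft", "windows")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section the line came from
    reason: str
    path: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_expected_dir(path: str) -> bool:
    folder = path.lower().rsplit("\\", 1)[0]
    return folder.endswith(("\\windows\\system32", "\\windows"))


def mimics_vendor(label: str) -> bool:
    """True if a word is close to a Microsoft brand word but not spelled correctly."""
    for word in re.findall(r"[a-z]+", label.lower()):
        for brand in BRANDS:
            if word != brand and difflib.SequenceMatcher(None, word, brand).ratio() >= 0.85:
                return True
    return False


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    nameless_bho: set[str] = set()            # DLL basenames of "(no name)" BHOs
    run_keys: dict[str, set[str]] = {}        # label -> {"Run", "RunServices", ...}
    # HijackThis prints sections in numeric order, so O2 is seen before O20.
    for line in log_text.splitlines():
        if m := BHO_RE.match(line):
            name, path = m.groups()
            if name == "(no name)" and path != "(no file)":
                nameless_bho.add(basename(path))
                findings.append(Finding("O2", "BHO without a name but with a DLL on disk", path))
        elif m := RUN_RE.match(line):
            _hive, key, label, value = m.groups()
            run_keys.setdefault(label, set()).add(key)
            if mimics_vendor(label):
                findings.append(Finding("O4", f"label '{label}' imitates a Microsoft name", value))
            if "\\" not in value:
                findings.append(Finding("O4", "launched by bare file name, location unknown", value))
        elif m := NOTIFY_RE.match(line):
            _name, path = m.groups()
            if basename(path) in nameless_bho:
                findings.append(Finding("O20", "Winlogon Notify DLL is also a nameless BHO", path))
        elif m := SVC_RE.match(line):
            _name, owner, path = m.groups()
            if owner == "Unknown owner" and basename(path) in SYSTEM_BINARIES and not in_expected_dir(path):
                findings.append(Finding("O23", "system binary name outside its expected folder", path))
    for label, keys in run_keys.items():
        if {"Run", "RunServices"} <= keys:
            findings.append(Finding("O4", "same label under both Run and RunServices", label))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}  {f.reason}: {f.path}")
```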


(jessica) #4

Regarding the Service Pack I can't help you, although I have a whole booklet on the correct configuration of the Service Pack.

The booklet came with the Service Pack on a CD attached to a magazine. But of course I can't send you that booklet over the internet.

So maybe someone else here will take care of your problem.

I'll just try to help you remove the infections you have.

Fix the entries listed above in HijackThis:

>>Hijack>>scan(Do a system scan only)>>check them >> Fix checked.

Use -->SDFix

Note: it can only be run in Safe Mode.

Show the Report.txt located in the SDFix folder.

Download -->ComboFix (from the link at the bottom of that page).

Paste into Notepad:

File::

C:\windows\System32\gebxwvs.dll

C:\windows\system32\dcom857.dll

C:\windows\system\NOTEPAD.exe


Driver::

NOTEPAD


Registry::

HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ 

"{733E9132-53CA-4C97-9AC9-145C4502FA20}"=-

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file

(that is, the CFScript.txt icon onto the ComboFix.exe icon), like in this picture --> Click

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start. (and a log will be created)

After the restart, manually delete the folder C:\Qoobox.

Then fix the entries above:

>>Hijack>>scan(Do a system scan only)>>check them >> Fix checked.

Then post here:

1) the SDFix report

2) the HijackThis log

3) the ComboFix log.

Paste the log at http://wklej.org/ and in your post give only the link (i.e. copy the address from the address bar).

jessi


(Areecki 18) #5

http://wklej.org/id/fd9eb04663

http://wklej.org/id/de94b5c41d

Merged post: 21.09.2007 (Fri) 13:03

http://wklej.org/id/3a09cebf43

Merged post: 21.09.2007 (Fri) 13:11

I'm still getting errors...

E.g.: http://www.fotosik.pl/pokaz_obrazek/488e1b35ebbfcf0f.html

Sluggish disk and internet!!

My GG icon disappeared and something is sending to the internet non-stop!


(jessica) #6

That's not the end of the removal - SDFix didn't remove what it has always removed until now, I don't know why it didn't this time.

I'm just wondering:

Is it worth removing anything, since you'll probably format the disk anyway, because I don't see anyone here wanting to deal with your main problem, or with the fonts?

Paste into Notepad:

File::

C:\WINDOWS\system32\mjpulcgq.dll

C:\WINDOWS\system32\ssqro.dll

C:\WINDOWS\system32\awvvt.dll

C:\WINDOWS\system32\msoft23246.exe

C:\WINDOWS\system32\msoft13025.exe

C:\WINDOWS\wuauapl.exe

C:\WINDOWS\system32\re1.exe

C:\WINDOWS\system32\msoft18327.exe

C:\WINDOWS\system\NOTEPAD.exe

C:\eralf.exe

C:\windows\system32\dllcache\services.exe


Driver::

"Local Service"

Mimserv


Registry::

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 

"wuauapl.exe"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 

"wuauapl.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SearchIndexer"=-

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon), like in this picture --> Click

The removal should start. (and a log will be created)

After the restart, manually delete the folder C:\Qoobox.

Post new HijackThis and ComboFix logs.

jessi


(Areecki 18) #7

I formatted drive C

I installed the drivers and service pack 2 straight away, I don't know whether 1 should go first and then 2, but I installed 2 straight away, then I installed Neostrada TP, now it's time for avast...

So far everything is OK :slight_smile:

Cheers and thanks for the help!!