Pół godziny... uruchamia się system

Leszczynek · 8 Styczeń 2006 09:54

Od pewnego czasu mam problem… kompa mam dość dobrego, bo nie jest stary… P4 i 512Mb RAM. Jednak kiedy go włączam - mogę spokojnie zjeść śniadanie, ponieważ po ekranie “Zapraszamy” Windows potrzebuje całe pół godziny na załadowanie się Jeżeli jest instalowany jakiś program i trzeba kompa zrestartować… no to kapa. Znowu pół godziny czekać… nie mam pojęcia co to może być Ech… wkurzające jest to niezmiernie. Proszę o pomoc…

Dziękuję z góry.

adam9870 · 8 Styczeń 2006 09:56

W autostracie masz pewnie dużo rzeczy.

Start => Uruchom => Wpisz msconfig => Chyba zakładka uruchamianie => I wyłącz programy które poinstalowałeś.

NIE ODZNACZAJ WSZYSTKICH PÓŁ BO MOŻESZ MIEĆ PROBLEMY

tylko sciezki do programow ktore zainstalowaleś !

klaustrofobian · 8 Styczeń 2006 10:02

wklej screena z msconfig

Leszczynek · 8 Styczeń 2006 10:11

Wkleję screena jeszcze, ale tymczasem odkryłem, że prawdopodobnie mam robaka Net-Worm.Win32.Lebreat.b… to by wynikało ze stronki http://wirusy.antivirenkit.pl/pl/opis/Net-Worm.Win32.Lebreat.b.html

Aut. Akt. się nie włączają, są jakieś info o niemożności wysłania jakiegoś maila…

Jak mam się go pozbyć? :(((

klaustrofobian · 8 Styczeń 2006 10:13

więcej szczegółów proszę

program antywirusowy który napewno posiadasz nie chce usunąć go (robaka) z Twojego komputera?

adam9870 · 8 Styczeń 2006 10:15

Zrób loga HijackThis i zamieść go w dziale

Bezpieczeństwo i logi HijackThis

sprawdzi go ktoś i powie jak usunąć tego wira, przy okazji może znajdzie coś jeszcze.

Tu pisze jak zrobić loga:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Leszczynek · 8 Styczeń 2006 10:24

Oto log:

Logfile of HijackThis v1.99.1 Scan saved at 11:25:52, on 2006-01-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\windows\system32\spoolsv.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\winlogon.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\windows\system32\svchost.exe C:\PROGRA~1\Keyboard\Ikeymain.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\windows\Mixer.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\NARZĘDZIA\DAEMON Tools\daemon.exe C:\windows\system32\VTTimer.exe C:\Program Files\film\SlySoft\AnyDVD\AnyDVD.exe C:\windows\system32\paytime.exe C:\windows\smss.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\windows\system32\ctfmon.exe C:\Program Files\GRAFIKA\ScreenshotCaptor\ScreenshotCaptor.exe C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe C:\windows\system32\paytime.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\Program Files\Muzyka\Musicmatch Jukebox\mim.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\Program Files\Muzyka\Musicmatch Jukebox\MMDiag.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\PROGRA~1\NORTON~1\NORTON~2\navw32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Leszczynek.LAS-167909DEE8C\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\INTERNET\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [odk_mcd] C:\Program Files\NARZĘDZIA\Odkurzacz 10.0 Pro beta\odk_mcd.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [bootSkin Startup Jobs] “C:\PROGRA~1\NARZDZ~1\BootSkin\BootSkin.exe” /StartupJobs O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [VTTimer] VTTimer.exe O4 - HKLM…\Run: [PayTime] C:\windows\system32\paytime.exe O4 - HKLM…\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe O4 - HKLM…\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU…\Run: [WeatherWatcher] C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [pro] C:\winstall.exe O4 - HKCU…\Run: [PayTime] C:\windows\system32\paytime.exe O4 - Startup: c242 Silica Harddisk-Monitor.lnk = ? O4 - Startup: c242SilicaPerformance.lnk = ? O4 - Startup: Silica Calendar.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\INTERNET\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\INTERNET\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{799CF3AC-5ACD-4A7F-BFEA-98D8031EC6D6}: NameServer = 192.168.1.1 O20 - Winlogon Notify: avpe32 - avpe32.dll (file missing) O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\NARZDZ~1\WINDOW~1\wbsrv.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Co dalej?

Proph3T · 8 Styczeń 2006 10:51

Start w awaryjnym kasacja:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html 

O4 - HKCU\..\Run: [PayTime] C:\windows\system32\paytime.exe

pliki secure32.html usuwawsz killboxem

Do poczytania

Leszczynek · 8 Styczeń 2006 11:02

A jak można killBoxem to wywalić? Nigdy nie robiłem na tym programie nic.

Złączono Posta : 08.01.2006 (Nie) 12:06

Wyskakuje mi ciągle: “This file could not be deleted”

Złączono Posta : 08.01.2006 (Nie) 12:10

Jak wywalam te secure32.html w hijacku to mi to wraca znowu za chwilę…

Proph3T · 8 Styczeń 2006 11:11

Domyślam się że robisz tak:

Podajesz ścieżkę do pliku i ten czerwony krzyżyk (kasacja) nic to nie pomaga :? lecz możesz jeszcze spróbować tego

i dodatkowo kasacja:

O4 - HKLM\..\Run: [PayTime] C:\windows\system32\paytime.exe

O4 - HKCU\..\Run: [PayTime] C:\windows\system32\paytime.exe

4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [pro] C:\winstall.exe

Złączono Posta : 08.01.2006 (Nie) 12:18

Bo masz wywalić to w trybie awaryjnym i killboxem albo tym drugim co podałem.

Leszczynek · 8 Styczeń 2006 11:19

No to wywaliłem Zobaczymy, teraz robię jeszcze scan kompa… a jak się skończy to spróbujemy go odpalić

Dzięki!

Gutek · 8 Styczeń 2006 11:33

Nie usunołeś:

Na początku Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Windows Logon Process Service

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

zastosuj Usuwanie tapety SpySheriff

Wklej nowego loga :!: :!: :!:

Proph3T · 8 Styczeń 2006 12:57

W końcu się Gucio pojawił od tego momentu jemu przekazuje pałeczkę :mrgreen:

Leszczynek · 8 Styczeń 2006 14:00

Zrobiłem tak… ale dalej mi wyskakują te okienka Nortona, że mi sprawdza setki jakiś wiadomości… więc ten wirus dalej tam jest Podaję jeszcze log.

Logfile of HijackThis v1.99.1 Scan saved at 14:59:27, on 2006-01-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\savedump.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\windows\system32\spoolsv.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\windows\system32\svchost.exe C:\PROGRA~1\Keyboard\Ikeymain.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\windows\Mixer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\windows\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\windows\system32\ctfmon.exe C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\windows\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Documents and Settings\Leszczynek.LAS-167909DEE8C\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=c:\progra~1\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\INTERNET\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [odk_mcd] C:\Program Files\NARZĘDZIA\Odkurzacz 10.0 Pro beta\odk_mcd.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [VTTimer] VTTimer.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [MimBoot] C:\PROGRA~1\Muzyka\MUSICM~1\mimboot.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU…\Run: [WeatherWatcher] C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [screenshot Captor] “C:\Program Files\GRAFIKA\ScreenshotCaptor\ScreenshotCaptor.exe” /autorun O4 - Startup: c242 Silica Harddisk-Monitor.lnk = ? O4 - Startup: c242SilicaPerformance.lnk = ? O4 - Startup: Silica Calendar.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\INTERNET\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\INTERNET\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{799CF3AC-5ACD-4A7F-BFEA-98D8031EC6D6}: NameServer = 192.168.1.1 O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\NARZDZ~1\WINDOW~1\wbsrv.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Gutek · 8 Styczeń 2006 14:13

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Windows Logon Process Service

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżkę

:\WINDOWS\winlogon.exe i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Leszczynek · 8 Styczeń 2006 20:21

Teraz mój log wygląda tak:

Logfile of HijackThis v1.99.1 Scan saved at 21:19:52, on 2006-01-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\windows\system32\spoolsv.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\windows\system32\svchost.exe C:\windows\system32\ntvdm.exe C:\PROGRA~1\Keyboard\Ikeymain.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\windows\Mixer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\windows\system32\VTTimer.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\windows\system32\ctfmon.exe C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe C:\Program Files\GRAFIKA\ScreenshotCaptor\ScreenshotCaptor.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\PROGRA~1\Muzyka\MUSICM~1\MMDiag.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\PROGRA~1\NARZDZ~1\DesktopX\dxwidget.exe C:\Program Files\Muzyka\Musicmatch Jukebox\mim.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\INTERNET\Azureus\Azureus.exe C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe C:\Program Files\INTERNET\Gadu-Gadu\gg.exe C:\Documents and Settings\Leszczynek.LAS-167909DEE8C\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=c:\progra~1\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\INTERNET\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [odk_mcd] C:\Program Files\NARZĘDZIA\Odkurzacz 10.0 Pro beta\odk_mcd.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [VTTimer] VTTimer.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [MimBoot] C:\PROGRA~1\Muzyka\MUSICM~1\mimboot.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU…\Run: [WeatherWatcher] C:\Program Files\NARZĘDZIA\Weather Watcher\ww.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [screenshot Captor] “C:\Program Files\GRAFIKA\ScreenshotCaptor\ScreenshotCaptor.exe” /autorun O4 - Startup: c242 Silica Harddisk-Monitor.lnk = ? O4 - Startup: c242SilicaPerformance.lnk = ? O4 - Startup: Silica Calendar.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\INTERNET\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\INTERNET\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ … nicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{799CF3AC-5ACD-4A7F-BFEA-98D8031EC6D6}: NameServer = 192.168.1.1 O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\NARZDZ~1\WINDOW~1\wbsrv.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\internet\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Gutek · 8 Styczeń 2006 20:46

No juz Ok

Leszczynek · 9 Styczeń 2006 16:41

Jej… dziękuję Wam wszystkim niesamowicie :-))))))))))