system
(system)
30 September 2006 16:33
#1
Hello, I have a problem with the file msdnxp.exe: after starting the computer, a message appears saying that this file is missing. In addition, I can't play a video in any player because the computer restarts immediately. I'll also add that an application called internal.exe worries me too.
I'm posting the HJT log; I couldn't produce the log from Silent because a fatal error pops up.
Logfile of HijackThis v1.99.1
Scan saved at 17:51:45, on 2006-09-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\internal.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SYSCFG16.EXE
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msdnxp.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM…\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM…\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM…\Run: [mysvcig38] mysvcc.exe
O4 - HKLM…\Run: [msvcc25] svcchost.exe
O4 - HKLM…\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [msvcc25] svcchost.exe
O4 - HKLM…\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKCU…\RunOnce: [Microsoft explorer Update] internal.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc … refid=1123
O17 - HKLM\System\CCS\Services\Tcpip…{7A6EF6D0-9F93-4CA8-BEFD-8B3BCD3CAFF8}: NameServer = 213.241.79.37 195.114.181.130
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
From Silent I get this:
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

FATAL ERROR!
------------
“Silent Runners” cannot use WMI to identify the operating system. This is caused by corruption of the WMI installation. WMI is complex and it is recommended that you use a Microsoft tool, “WMIDiag.vbs,” to diagnose WMI on your system. It can be downloaded here: http://go.microsoft.com/fwlink/?LinkId=62562
Please advise.
Bieniol
(Bbieniol)
30 September 2006 17:23
#2
Use Windows Worms Doors Cleaner and change the markers from disable to enable (if any markers are yellow, leave them that way). After using this tool, a system restart is required.
Start --> Run --> services.msc --> stop and disable the Win32 Kernel Update service
Open HijackThis --> open misc tools section --> delete a NT service --> type Win32Kernel and OK
In safe mode with System Restore turned off, remove the following (entries with HijackThis, files/folders marked in red manually from the disk):
F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msdnxp.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM…\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM…\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM…\Run: [mysvcig38] mysvcc.exe
O4 - HKLM…\Run: [msvcc25] svcchost.exe
O4 - HKLM…\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [msvcc25] svcchost.exe
O4 - HKLM…\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU…\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKCU…\RunOnce: [Microsoft explorer Update] internal.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
After these steps, post new logs.
As for Silent, read here -> http://www.searchengines.pl/phpbb203/in … opic=15989
system
(system)
4 October 2006 17:23
#3
After the steps, here is a new log to check.
Logfile of HijackThis v1.99.1
Scan saved at 19:20:51, on 2006-10-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\drivers\atixd.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
D:\BitComet\BitComet\BitComet.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
D:\gry\enclave\Enclave.exe
C:\Documents and Settings\Greg\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msdnxp.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM…\Run: [ATI Display Driver] C:\WINDOWS\System32\drivers\atixd.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM…\Run: [Microsoft Security Monitor Process] scvhost.exe
O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM…\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM…\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKLM…\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunServices: [msvcc25] svcchost.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [ATI Display Driver] C:\WINDOWS\System32\drivers\atixd.exe
O4 - HKLM…\RunServices: [Microsoft Security Monitor Process] scvhost.exe
O4 - HKCU…\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc … refid=1123
O17 - HKLM\System\CCS\Services\Tcpip…{7A6EF6D0-9F93-4CA8-BEFD-8B3BCD3CAFF8}: NameServer = 213.241.79.37 195.114.181.130
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: ľ2:ˇ/ wů:Gź·siÖ (€? ) - Unknown owner - C:\WINDOWS\mnsmsgr.exe (file missing)
Bieniol
(Bbieniol)
4 October 2006 17:28
#4
In safe mode with System Restore turned off, remove the following (entries with HijackThis, files/folders marked in red manually from the disk):
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msdnxp.exe
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM…\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM…\Run: [Microsoft Security Monitor Process] scvhost.exe
O4 - HKLM…\RunServices: [MSDN for Windows NT & Windows XP] msdnxp.exe
O4 - HKLM…\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM…\RunServices: [msvcc25] svcchost.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [Microsoft Security Monitor Process] scvhost.exe
O4 - HKCU…\Run: [Microsoft explorer Update] internal.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: ľ2:ˇ/ wů:Gź·siÖ (€? ) - Unknown owner - C:\WINDOWS\mnsmsgr.exe (file missing)
After these steps, post a new log.
What about the log from Silent?
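An added example, not part of the original thread: a small Python triage pass over HijackThis entries that applies the checks visible in the removal lists above (extra programs appended to Shell/UserInit, autorun names that imitate system binaries, entries whose target file is missing). The list of system names, the distance threshold of 2 and all function names are assumptions made for this illustration.

```python
import re

# Entries taken from the HijackThis logs in this thread (straight quotes restored).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msdnxp.exe
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [msvcc25] svcchost.exe
O4 - HKLM…\Run: [Microsoft Security Monitor Process] scvhost.exe
O4 - HKLM…\RunServices: [Microsoft explorer Update] internal.exe
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
"""

# Assumptions: names that are often imitated, and the one program expected per F2 value.
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "userinit.exe", "winlogon.exe", "lsass.exe")
EXPECTED_F2 = {"shell": "explorer.exe", "userinit": "userinit.exe"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename):
    """Return the system binary a name nearly matches (but is not), else None."""
    name = filename.lower()
    for real in SYSTEM_NAMES:
        if name != real and edit_distance(name, real) <= 2:
            return real
    return None

def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def first_program(command):  # executable part of an autorun command line
    m = re.match(r'"?(.+?\.(?:exe|com|dll|scr|bat))\b', command.strip(), re.I)
    return m.group(1) if m else command.split()[0]

def review(log_text):
    """Return (reason, entry) pairs for entries that deserve a closer look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if line.endswith("(file missing)"):
            findings.append(("target file missing", line))
        f2 = re.match(r"F2 - REG:system\.ini: (\w+)=(.*)$", line)
        o4 = re.match(r"O4 - \S+: \[(.+?)\] (.+)$", line)
        if f2 and f2.group(1).lower() in EXPECTED_F2:
            expected = EXPECTED_F2[f2.group(1).lower()]
            extras = [t for t in re.split(r"[,\s]+", f2.group(2)) if t and basename(t) != expected]
            if extras:
                findings.append((f"extra program in {f2.group(1)}: {', '.join(extras)}", line))
        elif o4:
            program = first_program(o4.group(2))
            real = lookalike_of(basename(program))
            if real:
                findings.append(("name imitates %s" % real, line))
            elif "\\" not in program:
                # A hint only: legitimate entries (nwiz.exe in these logs) use bare names too.
                findings.append(("no path given", line))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{r:<40} {e}" for r, e in review(SAMPLE_LOG)))
```

The findings are prompts for manual review, not verdicts; the two NOD32 entries pass through unflagged because they carry a full path, a distinct name and an existing file.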
system
(system)
4 October 2006 18:21
#5
One more thing, Bieniol: tell me how you delete manually, i.e. with a right mouse click? And how do I find the files that have to be deleted manually? The ones in red.
Bieniol
(Bbieniol)
4 October 2006 18:27
#6
Files that have no path in the log are probably located in the folder: *C:\WINDOWS\System32*
You delete them with the Delete key or, if there are problems, with the KillBox tool, selecting Delete on reboot.
After these steps, post the logs I asked for.
system
(system)
8 October 2006 19:23
#7
I'm pasting the logs after the steps.
Logfile of HijackThis v1.99.1
Scan saved at 15:08:53, on 2006-10-08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Anti-Trojan-55\ATWatch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\msiexec.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM…\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [KAVPersonal50] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe” /minimize
O4 - HKLM…\Run: [PC Tilecom] Tilecompc.com
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\RunServices: [PC Tilecom] Tilecompc.com
O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip…{F10B10A5-C26F-4D7F-B61E-95A1B2BF36B3}: NameServer = 213.241.79.37 195.114.181.130
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“Odkurzacz-MCD” = “D:\Program Files\Odkurzacz\odk_mcd.exe” [file not found]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”” [“Nero AG”]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS]
“HTpatch” = “C:\WINDOWS\htpatch.exe” [null data]
“SiSUSBRG” = “C:\WINDOWS\SiSUSBrg.exe” [“Silicon Integrated Systems Corp.”]
“AT-Watch” = “C:\Program Files\Anti-Trojan-55\ATWatch.exe” [“Anti-Trojan Network”]
“NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”]
“KAVPersonal50” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe” /minimize” [“Kaspersky Lab”]
“PC Tilecom” = “Tilecompc.com ” [file not found]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {HKLM…CLSID} = “Desktop Explorer”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {HKLM…CLSID} = “nView Desktop Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”
-> {HKLM…CLSID} = “NeroDigitalIconHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]
“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”
-> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”
-> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”
\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll” [“Kaspersky Lab”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll” [“Kaspersky Lab”]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\GREG\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “GREG” & “All Users” startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Kaspersky Anti-Hacker” -> shortcut to: “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe /silence” [“Kaspersky Lab”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

kavsvc, kavsvc, ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe”” [“Kaspersky Lab”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Sunbelt Kerio Personal Firewall 4, KPF4, “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [“Sunbelt Software”]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 55 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 24 seconds.
----------
(total run time: 174 seconds)
I hope the logs are finally clean.
Bieniol
(Bbieniol)
8 October 2006 19:44
#8
These entries are to be removed with HijackThis:
Apart from that, it's clean now.
adam9870
(adam9870)
8 October 2006 19:48
#9
Bieniol, if he removes the entries
a leftover will remain in the registry, because the file is not physically on the disk.
So afterwards you need to open Notepad and paste this into it:
File >>> Save as >>> Change the file type from TXT to All files >>> Save it under the name FIX.REG and run it.
Bieniol
(Bbieniol)
8 October 2006 19:50
#10
adam9870 -> removing the entries in HijackThis is equivalent to removing them from the registry. So it's either one or the other.