Request for help with funk.exe


(Acipiter) #1

Please help me with the file funk.exe. I managed to delete it after disabling it in msconfig, but the computer still does not work as it should: the scroll strip for scrolling documents (on the touchpad) does not work, and the touchpad does not respond to double-clicks either. Earlier, System Restore would not work at all (i.e. a message appeared saying that the system could not be restored to its previous state); System Restore is currently turned off.

My log


(Gblade) #2

Delete in HJT, along with the file in bold:

Find the file and delete it in safe mode.

Scan with http://www.ewido.net

Post a log from Silent Runners (description in the pinned thread).


(Acipiter) #3

Thanks, I got back recently and have only now got round to this. It looks like there is no trace of funk.exe, but the touchpad still doesn't work (specifically: I can move the cursor with the touchpad and click with the buttons next to it, but the computer does not respond to a single or double tap on the touchpad). I have no idea whether some nasty stuff is still left or whether it's a hardware problem.

Here is the Silent Runners log, thanks once again.

QUOTE:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "E:\programy pozostałe\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{5CA3D70E-1895-11CF-8E15-001234567890}(Default) = "*g" (unwritable string)

-> {HKLM...CLSID} = "DriveLetterAccess"

\InProcServer32(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = "NAV Helper"

-> {HKLM...CLSID} = "CNavExtBho Class"

\InProcServer32(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"

-> {HKLM...CLSID} = "My Bluetooth Places"

\InProcServer32(Default) = "C:\WINDOWS\System32\btneighborhood.dll" ["WIDCOMM, Inc."]

"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"

-> {HKLM...CLSID} = "DriveLetterAccess"

\InProcServer32(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"

-> {HKLM...CLSID} = "RecordNow! SendToExt"

\InProcServer32(Default) = "C:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "E:\programy pozostałe\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "E:\ewido anti-malware\context.dll" ["ewido networks"]

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "E:\programy pozostałe\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

-> {HKLM...CLSID} = "Ctest Object"

\InProcServer32(Default) = "E:\ewido anti-malware\context.dll" ["ewido networks"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "E:\programy pozostałe\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "E:\programy pozostałe\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\user\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "user" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]

Enabled Scheduled Tasks:


"Norton AntiVirus - Skanuj komputer - user" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

-> {HKLM...CLSID} = "Norton AntiVirus"

\InProcServer32(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

HOSTS file


C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 436 domain names to IP addresses,

2 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

ewido security suite control, ewido security suite control, "E:\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

SAVScan, SAVScan, ""C:\Program Files\Norton AntiVirus\SAVScan.exe"" ["Symantec Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]

Usługa Auto Protect programu Norton AntiVirus, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Bluetooth Printer Port\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 110 seconds, including 18 seconds for message boxes)


(Gblade) #4

The log is generally OK, but

C:\WINDOWS\System32\drivers\etc\HOSTS

Edit the hosts file in Notepad; it should contain only the line

127.0.0.1 localhost
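
Added example (not part of the original posts): a short Python audit of a HOSTS file that reproduces the summary Silent Runners printed above (names mapped, IPs that are not localhost) and lists which host names each non-localhost IP overrides, so the entries can be reviewed before the file is reset. The sample file content, host names and IP addresses are constructed, and treating 0.0.0.0 like localhost (a common blocklist sink) is an assumption of this example.

```python
import ipaddress

# Constructed sample HOSTS content (not the file from the thread's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test tracker.example.test   # blocklist entry
0.0.0.0         popups.example.test
203.0.113.10    update.av-vendor.example
198.51.100.7    www.bank.example login.bank.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (names_mapped, redirects, malformed) for HOSTS file text.

    redirects maps every IP that is neither loopback nor 0.0.0.0 to the
    host names it overrides; these are the entries that need explaining.
    malformed holds the 1-based numbers of lines that could not be parsed.
    """
    names_mapped, redirects, malformed = 0, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if not fields:
            continue  # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            malformed.append(lineno)  # address with no host name
            continue
        names_mapped += len(names)
        if not (ip.is_loopback or ip.is_unspecified):
            redirects.setdefault(str(ip), []).extend(names)
    return names_mapped, redirects, malformed


if __name__ == "__main__":
    count, redirects, malformed = audit_hosts(SAMPLE_HOSTS)
    print(f"maps: {count} domain names, {len(redirects)} non-localhost IPs")
    for ip, names in redirects.items():
        print(f"  {ip} <- {', '.join(names)}")
    print(f"unparseable lines: {malformed}")
```

A file in the state recommended in post #4 returns `(1, {}, [])`.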


(Acipiter) #5

Thanks, done! Do you think the touchpad broke down because of these virus problems, or is it something else?