Proszę o sprawdzenie loga

mam ten sam problem co kolega. Wczoraj mój komp był zjadany przez SpySheriff. Ale chyba nie do końca udało mi sie wszystko wywalić, bo ciągle znowu pojawia sie ten komunikat o braku ibm00001.exe nawet w trybie awaryjnym(z którego nawet teraz pisze). Do tego doszło jeszcze cos takiego : “ERROR! Cannot get device.(2)” o co chodzi? przeprowadzilam mnóstwo konfiguracji , powywalałam co sie dało, odhaczałam ptaszki , a tego jednego zostawiałam :wink: ale mimo to… moze tu ponizej jest jekies ********* Z góry dziękuje za pomoc, bo mój komp chodzi tak wolno jak nigdy!

Logfile of HijackThis v1.99.1

Scan saved at 17:24:28, on 2005-11-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Avant Browser\avant.exe

C:\Documents and Settings\f-e-i-l-a\Pulpit\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\PowerGG.exe"

O4 - HKCU\..\Run: [Shellapi32] svcnet.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\szsvcs.dll (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe

O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe

O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe

O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

Usuwanie VX2.BetterInternet i jak przeczytasz daj mi log nr 1 z

L2Mfix

zrobiłam dokładnie tak jak wyżej :stuck_out_tongue:

wcześniej nie odhaczyłam

F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe”

bo to w Hijacku “ucieka” na prawo :wink: i mozna łatwo przeoczyć, więc strzeżcie sie !!

ale w końcu usunęłam , problem zniknął

log wygląda teraz tak :

Logfile of HijackThis v1.99.1

Scan saved at 18:34:33, on 2005-11-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\f-e-i-l-a\Pulpit\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\PowerGG.exe"

O4 - HKCU\..\Run: [Shellapi32] svcnet.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe

O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe

O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe

O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

zeskanowałam na awaryjnym w Kaspersky’m online

propos: Usuwanie VX2.BetterInternet dla Windows 2000/XP

poszło ładnie

zagalopowałam sie i nie zrobiłam loga nr 1 z

L2Mfix :?

miałam loga “po” ale próbowałam ponownie właczyc ten program, trzeba czekac w nieskonczoność…

nie wiem czy to koniec tego koszmaru na dzis , bo komp wciaz dosc długo sie ładuje, ciagle wyskakuje info:

Error! cannot get device.(2) po zalogowaniu

plus : Remote Ctl.exe (wyst.problem z aplikacją i zostanie ona zamknięta…)o co biega…

poza tym jestem bardzo bardzo wdzięczna !!

dzięki!

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Pliki na czerwono usun ręcznie z dysku

Plik svcnet.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:

C:\WINDOWS\SYSTEM32** svcnet.exe**

następnie program będzie pytał o restart (oczywiście zgadzasz sie)

feilaaa nie podpinaj się do kogoś tematu tylko zakładaj własne :?

Wydzielono z innego tematu

czekam po usuwaniu na ten log :wink:

dla Gutka2222 proszę bardzo:

L2MFIX find log 1.04a

No log OK dobra daj log z Silent Runners

Jak używać Killboxa masz opisane wyżej

proszę bardzo :

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\PowerGG.exe"" [null data]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]


HKLM\Software\Microsoft\Active Setup\Installed Components\

>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"

                                        \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{A0752120-6D75-D111-B5B1-0800095A2318}" = "HandyBits EasyCrypto Shell Extensions"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

INFECTION WARNING! "Userinit" = "C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe," [MS], [file not found], [null data], [file not found], [MS]


HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * PFDNNT C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll PFDNNT C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll" [file not found], [MS], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]

SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"

  -> {CLSID}\InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\tsseCryp.dll" [null data]

SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"

  -> {CLSID}\InProcServer32\(Default) = "ssmenu.dll" ["Teknum Systems AS"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"



Startup items in "f-e-i-l-a" & "All Users" startup folders:

-----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"MpegTV Station PCITV Remote Control" -> shortcut to: "C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe" [null data]



Enabled Scheduled Tasks:

------------------------


"A5FEF67E91E167E2" -> launches: "c:\docume~1\gocha\daneap~1\binlog~1\Exit Dumb Cake.exe" [null data]

"AE28CE7A919B7F7E" -> launches: "c:\docume~1\gocha\daneap~1\binlog~1\Exit Dumb Cake.exe" [null data]

"AE6286A991853779" -> launches: "c:\docume~1\gocha\daneap~1\binlog~1\Exit Dumb Cake.exe" [null data]

"AF65F43B91B26F77" -> launches: "c:\docume~1\sa\daneap~1\binlog~1\Exit Dumb Cake.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]



All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):

---------------------------------------------------------------------------


ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]

HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Remote Procedure Call (RPC) Extensions, RpcxSs, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"RpcxSs.Dll" [MS]}

Usługa administracyjna Menedżera dysków logicznych, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]

Usługa dostarczania sieci, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}

Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mspmsnsv.dll" [MS]}



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 53 seconds, including 12 seconds for message boxes)

ps juz na samym poczatku przestudiowałam jak uzywac Killboxa, ale i tak …nic

PS juz wiem o co chodziło z tym Error’em - odnosi sie do tunera tv

No nie jest źle z log0-a wynika, ale co do tunera tv proponuję reinstalację

prosze tylko o dop. na pytanko :

“czy to juz koniec z tym badziewiem ???” :stuck_out_tongue: :stuck_out_tongue: :stuck_out_tongue:

i moze pójde spac spokojnie?

TAK koniec z badziewiem :wink:

dzięki z całego serca !!

teraz sie czuje tak :twisted:

dzięki bardzo i do następnego :wink: