Summer
(Morante)
10 Wrzesień 2006 12:37
#1
Witam ponownie,
jakis czas temu mialam problem z wysakujacymi okienkami o tresci “runtime error 226 at…” i tu nastepuja ciag literek i cyferek. Myslalam, ze po klopocie, gdyz pousuwalam pare wpisow z rejestru. Ale jak widac, dziadostwo gdzies glebej siedzi, bo dzisiaj otrzymalam ponownie owe komunikaty, a dodatkowo wyskoczylo mi okienko z nazwa “Microsoft Visual C++ Runtime Library” o tresci “Runtime Error! Program: C:\Windows\Explorer.exe abnormal program termination”. Nacisnelam ok, a wtedy explorer zrobil wywrotke, poznikaly mi wszystkie ikony i cisza. Martwy komp, jedynie tapeta na pulpicie zostala No to musialam zresetowac pc.
Podaje loga, bo moze ktos wie, gdzie tkwi blad.
Logfile of HijackThis v1.99.1 Scan saved at 14:34:20, on 06-09-10 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\RUNSERVICE.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\PWSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\SBPCI\CTMIX32.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE C:\PROGRAM FILES\SPAMPAL\SPAMPAL.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE D:\INSTALKI\GADU-GADU\GG.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE D:\MAGAZYN\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.100:8192 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F1 - win.ini: run=hpfsched O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe O4 - HKLM…\Run: [PWSTray] PwsTray.exe O4 - HKLM…\Run: [LSTray] LSTray.exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM…\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T O4 - HKLM…\RunServices: [MSDTC] msdtcw -start O4 - HKLM…\RunServices: [LicCtrl] runservice.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM…\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE O4 - HKCU…\Run: [Gadu-Gadu] “D:\INSTALKI\GADU-GADU\GG.EXE” /tray O4 - HKCU…\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll O12 - Plugin for .m15: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O15 - Trusted Zone: http://skaner.mks.com.pl O15 - Trusted Zone: http://bezpieczenstwo.onet.pl O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = workgroup O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
“Silent Runners.vbs”, revision 47, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““D:\INSTALKI\GADU-GADU\GG.EXE” /tray” [“sms-express.com ”] “Taskbar Display Controls” = “RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “Zasobnik systemowy” = “SysTray.Exe” [MS] “PWSTray” = “PwsTray.exe” [MS] “LSTray” = “LSTray.exe” [“I-D Media AG”] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “CreativeMixer” = “C:\SBPCI\ctmix32.exe /T” [“Creative Technology Ltd.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “MSDTC” = “msdtcw -start” [MS] “LicCtrl” = “runservice.exe” [null data] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “KB891711” = “C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE” [MS] “KB918547” = “C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE” [MS] HKLM\Software\Microsoft\Active Setup\Installed Components\ PerUser_CVT_Inis(Default) = “Instalator systemu Windows — Konwerter FAT32” \StubPath = “rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis_remove 64 C:\WINDOWS\INF\applets1.inf” [MS] {44BBA851-CC51-11CF-AAFA-00AA00B6015C}(Default) = “Microsoft - Kreator publikacji w sieci Web 1.6” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserRemove” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL” [“Amaze Soft”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [null data] {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}(Default) = (no title provided) -> {HKLM…CLSID} = “Big Fish Games Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] “{D0FAC080-AE1A-11ce-8016-CE90976DC901}” = “Picture Publisher File Viewer” -> {HKLM…CLSID} = “Picture Publisher File Viewer” \InProcServer32(Default) = “ppiv30.dll” [null data] “{2E9D3540-211C-11d0-A5F2-00A0248C37BE}” = “Nero Shell Extension Property Sheet” -> {HKLM…CLSID} = “Nero Shell Extension Property Sheet” \InProcServer32(Default) = “C:\Program Files\Ahead\Nero\neroshx.dll” ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de ] “{CCA60260-A2C9-11D2-BA62-0020188191B2}” = “Registrar Registry Manager SHell Extension” -> {HKLM…CLSID} = “Registrar Registry Manager SHell Extension” \InProcServer32(Default) = “rrShellX.dll” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “C:\PROGRAM FILES\WINACE\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” -> {HKLM…CLSID} = “WinAceContext Menu (Add) Extension” \InProcServer32(Default) = “C:\PROGRAM FILES\WINACE\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Moje dokumenty\Moje obrazy\tapeta10_800x600.bmp” WIN.INI & SYSTEM.INI launch points: ----------------------------------- WIN.INI [windows] INFECTION WARNING! “Run=hpfsched” [null data] Startup items in “Startup” & “All Users…Startup” folders: ----------------------------------------------------------- C:\WINDOWS\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Image Transfer” -> shortcut to: “C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe” [null data] “Adobe Gamma Loader.exe” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “SpamPal” -> shortcut to: “C:\Program Files\SpamPal\spampal.exe” [“www.spampal.org ”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\msafd.dll [MS], 1 - 3 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 4 - 5 C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 6 - 9 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4D5C8C2A-D075-11D0-B416-00C04FB90376}” -> {HKLM…CLSID} = “Pasek poleceń Microsoft” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\BROWSEUI.DLL” [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL” [“Amaze Soft”] “{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}” = (no title provided) -> {HKLM…CLSID} = “Big Fish Games Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE” [“Amaze Soft”] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” Missing lines (compared with English-language version): [strings]: 2 lines ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 32 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 23 seconds. ---------- (total run time: 85 seconds)
Bieniol
(Bbieniol)
10 Wrzesień 2006 20:54
#2
Logi są czyste
Odpal checkdiska, czyli:
Start --> uruchom --> cmd i wpisz: chkdsk c: /f /r