adam9870
(adam9870)
28 December 2006 19:19
#2
Use the SmitFraudFix tool (option 2). Then check what remains of the entries I list below and remove them (you do all of this, of course, in Safe Mode with System Restore turned off):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM…\Run: [AutoSys] D:\WINDOWS\system32\autosys.exe
O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe
O4 - HKCU…\Run: [ttool] D:\WINDOWS\9129837.exe
O4 - HKCU…\Run: [checkers] D:\WINDOWS\checkers5.exe
O20 - AppInit_DLLs: iniwin32.dll
Delete the marked files manually from disk, and the entries in HijackThis.
When you are done, post a new log from HJT, SilentRunners and c:\rapport.txt
wiesio52
(Wiesio52)
28 December 2006 19:24
#3
I downloaded the program, but which file should I run?
adam9870
(adam9870)
28 December 2006 19:27
#4
You need to run the file SmitFraudFix.cmd. The post I linked to has the instructions - read them.
Monczkin
(Monczkin)
28 December 2006 19:31
#5
wiesio52, please give the topic a specific title.
wiesio52
(Wiesio52)
29 December 2006 18:15
#6
Here you go, I'm posting the log from Silent Runners:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Komunikator” = “D:\programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“avast!” = “D:\programy\ALWILS~1\Avast4\ashDisp.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
  -> {HKLM…CLSID} = “Portable Media Devices Menu”
  \InProcServer32(Default) = “D:\WINDOWS\system32\Audiodev.dll” [MS]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
  -> {HKLM…CLSID} = “RealOne Player Context Menu Class”
  \InProcServer32(Default) = “D:\programy\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
  \InProcServer32(Default) = “D:\WINDOWS\system32\NVCPL.DLL” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{FEB7DAE0-E111-11D0-BFD7-444553540000}” = “ICEOWS”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]
“{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{9EF34FF2-3396-4527-9D27-04C8C1C67806}” = “Microsoft AntiSpyware Service Hook”
  -> {HKLM…CLSID} = “Microsoft.AntiSpyware.ShellExecuteHook.1”
  \InProcServer32(Default) = “D:\programy\Microsoft AntiSpyware\shellextension.dll” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “D:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Łukasz” & “All Users” startup folders:
--------------------------------------------------------
D:\Documents and Settings\Łukasz\Menu Start\Programy\Autostart
<> “HideBUS.exe” [null data]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}”
  -> {HKLM…CLSID} = “Java Plug-in 1.5.0_01”
  \InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll” [“Sun Microsystems, Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “D:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apache2, Apache2, ““D:\Program Files\Apache Group\Apache2\bin\Apache.exe” -k runservice” [“Apache Software Foundation”]
avast! Antivirus, avast! Antivirus, ““D:\programy\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““D:\programy\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““D:\programy\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““D:\programy\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
NVIDIA Display Driver Service, NVSvc, “D:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
Virtual CD v5 Security service, VC5SecS, ““D:\Program Files\HHVcdV5Sys\VC5SecS.exe”” [“H+H Software GmbH”]
Windows User Mode Driver Framework, UMWdf, “D:\WINDOWS\system32\wdfmgr.exe” [MS]

Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\
“UpperFilters” = <> “klengine” [null data]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = “hpzsnt09.dll” [“HP”]

----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box.
----------
(total run time: 192 seconds, including 9 seconds for message boxes)
And here is the one from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 19:18:20, on 2006-12-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\programy\Alwil Software\Avast4\aswUpdSv.exe
D:\programy\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\HHVcdV5Sys\VC5SecS.exe
D:\WINDOWS\system32\RunDll32.exe
D:\programy\ALWILS~1\Avast4\ashDisp.exe
D:\programy\Tlen.pl\tlen.exe
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\programy\Alwil Software\Avast4\ashMaiSv.exe
D:\programy\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\programy\xmplay33\xmplay.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [avast!] D:\programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [Komunikator] D:\programy\Tlen.pl\tlen.exe
O4 - Startup: HideBUS.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w domyślnym agregatorze - D:\Documents and Settings\Łukasz\Dane aplikacji\RssBandit\iecontext_subscribefeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{20EFFAE5-D60F-49F9-9993-7E6AD80BC358}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Apache2 - Unknown owner - D:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - D:\Program Files\HHVcdV5Sys\VC5SecS.exe
I did everything you wrote, and everything seemed to be fine, until suddenly, while I was playing FIFA 07, the computer restarted on its own. I no longer know what this is, and I don't know whether to keep fighting or just format the drive after all.
Bieniol
(Bbieniol)
29 December 2006 18:20
#7
In Safe Mode with System Restore turned off, remove the following (the entries with HijackThis, the files/folders marked in red manually from disk):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
After that, post new logs.
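The kind of comparison behind post #7, as an added example that is not part of the thread: it takes entries a helper flagged (post #2) and reports which of them are still present in a later HijackThis log (post #6), even when the forum has collapsed the log onto one line. The two sample strings are shortened excerpts of those posts, and the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section payload")

# A HijackThis entry starts with a section code (R0, R1, F2, O4, O20, ...)
# followed by " - ". Splitting on that marker also works when the whole log
# has been flattened onto a single line, as in this thread.
MARKER = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")


def parse_entries(text):
    """Return the HijackThis entries found in text, in order of appearance."""
    marks = list(MARKER.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        payload = " ".join(text[m.end():end].split())  # normalise whitespace
        entries.append(Entry(m.group(1), payload))
    return entries


def _key(entry):
    # Registry paths and Windows file names compare case-insensitively.
    return (entry.section, entry.payload.casefold())


def compare(flagged_text, new_log_text):
    """Split flagged entries into (still_present, gone) against a later log."""
    present = {_key(e) for e in parse_entries(new_log_text)}
    still, gone = [], []
    for e in parse_entries(flagged_text):
        (still if _key(e) in present else gone).append(e)
    return still, gone


def referenced_data(entry):
    """For 'key,value = data' entries (R0/R1) return the data part, else None."""
    _, sep, data = entry.payload.partition(" = ")
    return data if sep else None


# Shortened excerpt of the entries flagged in post #2.
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM…\Run: [AutoSys] D:\WINDOWS\system32\autosys.exe
O20 - AppInit_DLLs: iniwin32.dll
"""

# Shortened excerpt of the later log from post #6, flattened as on the page.
NEW_LOG = (
    r"Running processes: D:\WINDOWS\Explorer.EXE C:\HijackThis\HijackThis.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html "
    r"O4 - HKLM…\Run: [avast!] D:\programy\ALWILS~1\Avast4\ashDisp.exe "
    r"O4 - Startup: HideBUS.exe"
)

if __name__ == "__main__":
    still, gone = compare(FLAGGED, NEW_LOG)
    for e in still:
        print("STILL PRESENT:", e.section, "-", e.payload)
        print("  data to check on disk:", referenced_data(e))
    for e in gone:
        print("gone:", e.section, "-", e.payload)
```
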
wiesio52
(Wiesio52)
29 December 2006 18:23
#8
But could that be the reason why, for example, it restarted on its own and lags in some games? It seems to me that an .html file can't do much to a computer… Besides, I have already thrown that file out and it is no longer there. :?
Bieniol
(Bbieniol)
29 December 2006 18:25
#9
Do what I wrote above, and then post new logs.
wiesio52
(Wiesio52)
29 December 2006 18:26
#10
That's just it, I already tried earlier, as adam9870 advised me, but unfortunately those entries came back, I don't know why.
Bieniol
(Bbieniol)
29 December 2006 18:29
#12
Run the KillBox tool, select Delete on reboot, and in the full path of file field paste the path:
c:\secure32.html
Click X and restart the computer.
Then remove the entries and paste new logs.
wiesio52
(Wiesio52)
29 December 2006 18:35
#13
When I do what you wrote, this pops up:
adam9870
(adam9870)
29 December 2006 18:37
#14
The file may simply no longer be there, because if you used SmitFraudFix as I advised, it probably removed it, since it has been removing the secure32.html file for a long time now.
Paste new logs.
wiesio52
(Wiesio52)
29 December 2006 18:38
#15
They are up above, I haven't done anything else.
Bieniol
(Bbieniol)
29 December 2006 18:39
#16
Remove the entries I pointed out and generate new logs.
wiesio52
(Wiesio52)
29 December 2006 18:47
#19
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Komunikator” = “D:\programy\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“avast!” = “D:\programy\ALWILS~1\Avast4\ashDisp.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
  -> {HKLM…CLSID} = “Portable Media Devices Menu”
  \InProcServer32(Default) = “D:\WINDOWS\system32\Audiodev.dll” [MS]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
  -> {HKLM…CLSID} = “RealOne Player Context Menu Class”
  \InProcServer32(Default) = “D:\programy\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
  \InProcServer32(Default) = “D:\WINDOWS\system32\NVCPL.DLL” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
  \InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{FEB7DAE0-E111-11D0-BFD7-444553540000}” = “ICEOWS”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]
“{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{9EF34FF2-3396-4527-9D27-04C8C1C67806}” = “Microsoft AntiSpyware Service Hook”
  -> {HKLM…CLSID} = “Microsoft.AntiSpyware.ShellExecuteHook.1”
  \InProcServer32(Default) = “D:\programy\Microsoft AntiSpyware\shellextension.dll” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““D:\programy\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}”
  -> {HKLM…CLSID} = “Folder Iceows”
  \InProcServer32(Default) = “D:\WINDOWS\system32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\programy\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}”
  -> {HKLM…CLSID} = “UnlockerShellExtension”
  \InProcServer32(Default) = “D:\programy\Unlocker\UnlockerCOM.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “D:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Łukasz” & “All Users” startup folders:
--------------------------------------------------------
D:\Documents and Settings\Łukasz\Menu Start\Programy\Autostart
<> “HideBUS.exe” [null data]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}”
  -> {HKLM…CLSID} = “Java Plug-in 1.5.0_01”
  \InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll” [“Sun Microsystems, Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “D:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apache2, Apache2, ““D:\Program Files\Apache Group\Apache2\bin\Apache.exe” -k runservice” [“Apache Software Foundation”]
avast! Antivirus, avast! Antivirus, ““D:\programy\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““D:\programy\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““D:\programy\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““D:\programy\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
NVIDIA Display Driver Service, NVSvc, “D:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
Virtual CD v5 Security service, VC5SecS, ““D:\Program Files\HHVcdV5Sys\VC5SecS.exe”” [“H+H Software GmbH”]
Windows User Mode Driver Framework, UMWdf, “D:\WINDOWS\system32\wdfmgr.exe” [MS]

Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\
“UpperFilters” = <> “klengine” [file not found]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = “hpzsnt09.dll” [“HP”]

----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box.
----------
(total run time: 112 seconds, including 6 seconds for message boxes)
And I have one more question: what could have caused that spontaneous restart?
adam9870
(adam9870)
29 December 2006 18:49
#20
Also clean.
You can take a look at: Optimizing and slimming down Windows XP.
The reset could have been caused by, e.g., a hang. If such problems keep occurring, then produce a BSOD.
http://forum.dobreprogramy.pl/viewtopic … 344#836344