Zamiast XP robi mi się 98 i net też nie działa - LOG


(arlid) #1

Prosiłbym o sprawdzenie mojego loga. Założyłem temat, ale dostałem PW automatyczną, że został usunięty także zakładam ten temat. Moim problemem jest to że XP przeobraża się w 98. Oto zdjątka ikon:

3147a149939803c3.jpg

Gdy opróżniam kosz pojawia się zawsze na końcu takie coś:

3ab7318a9f5e16dd.jpg

A pozatym net czasami mi nie działa - pojawia się komunikat " Nie można wyświetlić strony".


(Joan Sunshine) #2

Ze swojej strony mogę powiedzieć że log jest czysty.

To zafiksuj kosmetycznie w HJT jeśli soft już usunąłeś:

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj Optymalizacja XP.

Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie. :slight_smile:


(arlid) #3

Tego folderu tam nie ma :?: :?: To czemu był w logu :?: :?:

Programy powyłączałem, jeszce przeczyszcze rejestr i optymalizację. a co oznacza:

Mógłbyś bardziej te HJT rozwinąć prosiłbym.


(Joan Sunshine) #4

Mogę oczywiście :slight_smile:

Myślałam że folderu może nie być, ponieważ HJT pokazał, że nie ma pliku, do którego wpisy się odnoszą - to niepotrzebna pozostałość po prostu.

Co do wpisów - w HJT zaznaczasz te, które podałam, i klikasz na dole "Fix checked".


(arlid) #5

Zrobiłem to co miałem zrobić, ale dla pewności dam loga jeszce raz :


(Joan Sunshine) #6

Masz zainstalowane te programy? Log jest czysty, ale jeśli ich nie masz to zatrzymamy usługi i wywalimy. :slight_smile:


(arlid) #7

I tak dalej zmieniajż mi sie te ikonki :frowning: :frowning: :frowning:


(Bbieniol) #8

Wrzuć jeszcze log z Silent Runners


(arlid) #9


(Bbieniol) #10

Klikasz prawym przyciskiem myszy na ten link -> http://securityresponse.symantec.com/av ... okExec.inf -> zapisz element docelowy jako -> zapisujesz -> klikasz na niego prawym przyciskiem myszy -> instaluj :slight_smile:

Daj nowy log z Silenta


(arlid) #11
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"DAEMON Tools" = ""C:\Programy\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"kis" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

"(Default)" = "(empty string)" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"

                   \InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Programy\Avast!\ashShell.dll" ["ALWIL Software"]

"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"

  -> {HKLM...CLSID} = "DisplayCplExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{280CFDE1-1354-4431-92F3-03073BA593FB}" = "TotalConverter Context Menu Shell Extension"

  -> {HKLM...CLSID} = "TotalConverter Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\JoyceAudioConverter\axTotalConverter.dll" [empty string]

"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

                   \InProcServer32\(Default) = ""C:\Programy\TuneUp Utilies 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"

  -> {HKLM...CLSID} = "Ochrona WWW"

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

<> WBSrv\DLLName = "C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll" ["Stardock Corporation"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Programy\Avast!\ashShell.dll" ["ALWIL Software"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]

TotalConverter\(Default) = "{280CFDE1-1354-4431-92F3-03073BA593FB}"

  -> {HKLM...CLSID} = "TotalConverter Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\JoyceAudioConverter\axTotalConverter.dll" [empty string]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

                   \InProcServer32\(Default) = ""C:\Programy\TuneUp Utilies 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

                   \InProcServer32\(Default) = ""C:\Programy\TuneUp Utilies 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Programy\Avast!\ashShell.dll" ["ALWIL Software"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Default executables:

--------------------


HKCU\Software\Classes\batfile\


HKCU\Software\Classes\cmdfile\


<> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"1-Click Maintenance" -> launches: "C:\Programy\TuneUp Utilies 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]


{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Ochrona WWW"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

avast! Antivirus, avast! Antivirus, ""C:\Programy\Avast!\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Programy\Avast!\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Programy\Avast!\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Programy\Avast!\ashWebSv.exe" /service" ["ALWIL Software"]

Kaspersky Internet Security 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]

MySQL, MySQL, "c:\eZpublish\mysql\bin\mysqld-nt.exe MySQL" [null data]

PDFCreatorMessages, PDFCreatorMessages, "C:\WINDOWS\system32\PDFCreatorMessages.exe" ["Global Graphics Software Ltd."]

TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""C:\Programy\TuneUp Utilies 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Jaws PDF Creator Port\Driver = "C:\WINDOWS\system32\PDFCreator.DLL" ["Global Graphics Software Ltd."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 229 seconds.

---------- (total run time: 338 seconds)

(Bbieniol) #12

Jest OK :slight_smile:


(arlid) #13

W logach tak a w ikonkach nie.. Czemu ja hehe. Macie może jeszcze jakieś pomysły??