Witajcie! Mam bardzo dużo śmiecia na kompie, ale już wolę nie robić nic na własną rękę. Wiem, że jest tam vt100, ale kij z nim, już się do niego przyzwyczaiłem… Prosiłbym tylko, żeby jakoś doprowadzić tego kompa do używalności, bo piszę tego posta resztką sił po półgodzinnych mękach z przeglądarką.
oto logi:
silent:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [file not found]
"Atss" = ""D:\DOCUME~1\PAWE~1\MOJEDO~1\ECURIT~1\chkntfs.exe" -vt yazr" [null data]
"kkqw" = "D:\PROGRA~1\COMMON~1\kkqw\kkqwm.exe" [empty string]
"Evipxm" = "D:\Program Files\Common Files\W*nSxS\w*nword.exe" (unwritable string) [null data]
"Microsoft DNT Service" = "c:\windows\system32\msdntsrv.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"VT100 Emulator" = "D:\WINDOWS\System32\VT100.EXE" [null data]
"Windows Network Firewall" = "D:\WINDOWS\System32\firewall.exe" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"Microsoft DNT Service" = "c:\windows\system32\msdntsrv.exe" [MS]
"WinDLL (csmss.exe)" = "rundll32.exe D:\WINDOWS\System32\csmss.exe,start" [MS]
"defender" = "c:\\dfndrc_2.exe" ["."]
"keyboard" = "c:\\kybrdc_2.exe" ["."]
"newname" = "c:\\nwnmb_2.exe" ["mudes"]
"utasvc" = "rundll32.exe D:\WINDOWS\System32\utasvc.dll,start" [MS]
"Microsoft (R) Windows Update Manager Tool" = "D:\WINDOWS\update\updmangr.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\mllii.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{28FB393A-2A9B-4B70-BC8E-8133F4EB2D69}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\myutb.dll" [file not found]
"{4D2E3E6F-2C79-4D46-B6DE-03DA2036AAD1}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\apl.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Program Files\WinRAR\rarext.dll" [null data]
"{7B0CF7F8-897A-41BB-A9F9-464CB1C81A45}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\whnsta.dll" [file not found]
"{4D6C8563-B154-4969-87AB-C8A470141BB8}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\dfdskmgr.dll" [file not found]
"{D4CA4B08-FE72-44A5-A104-987C1C28F978}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\mkjint40.dll" [null data]
"{294F9489-5226-4D51-A296-AAF4F3D41567}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\mvtvgs.dll" [null data]
"{6DFE875C-68D0-4CA2-98B7-4A2ACA409856}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\dsmasf.dll" [null data]
"{4808758C-4AAE-482C-A84B-0029AD46F7E2}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\ufrvpa.dll" [null data]
"{A984F9B5-E0CC-49C7-90EF-E1801C09B2B9}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\mucsubs.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" = "*\" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\mllii.dll" [null data]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * aswBoot.exe /M:456c33ed" [file not found], [MS], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! App Management\DLLName = "D:\WINDOWS\system32\fp2403fqe.dll" [null data]
INFECTION WARNING! mllii\DLLName = "mllii.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "c:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------
Command Service, cmdService, "D:\WINDOWS\eHh4dnZ2\command.exe" [null data]
Karta wydajności WMI, WmiApSrv, "D:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Usługa administracyjna Menedżera dysków logicznych, dmadmin, "D:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Windows Update Manager Tool, UpdateManagerTool, "D:\WINDOWS\update\updmangr.exe /updatemgr" [null data]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 60 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 32 seconds.
---------- (total run time: 345 seconds)
a to hijack:
Logfile of HijackThis v1.99.1
Scan saved at 22:53:19, on 2006-06-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Paweł\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\System32\mllii.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VT100 Emulator] D:\WINDOWS\System32\VT100.EXE
O4 - HKLM\..\Run: [Windows Network Firewall] D:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe
O4 - HKLM\..\Run: [WinDLL (csmss.exe)] rundll32.exe D:\WINDOWS\System32\csmss.exe,start
O4 - HKLM\..\Run: [defender] c:\\dfndrc_2.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdc_2.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_2.exe
O4 - HKLM\..\Run: [utasvc] rundll32.exe D:\WINDOWS\System32\utasvc.dll,start
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] D:\WINDOWS\update\updmangr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Atss] "D:\DOCUME~1\PAWE~1\MOJEDO~1\ECURIT~1\chkntfs.exe" -vt yazr
O4 - HKCU\..\Run: [kkqw] D:\PROGRA~1\COMMON~1\kkqw\kkqwm.exe
O4 - HKCU\..\Run: [Evipxm] D:\Program Files\Common Files\W?nSxS\w?nword.exe
O4 - HKCU\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4BDBDF5-3C92-40D9-8926-27509C687941}: NameServer = 217.30.129.149,217.30.137.200
O20 - Winlogon Notify: App Management - D:\WINDOWS\system32\fp2403fqe.dll
O20 - Winlogon Notify: mllii - D:\WINDOWS\SYSTEM32\mllii.dll
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\eHh4dnZ2\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - D:\WINDOWS\update\updmangr.exe
Z góry dziękuję za pomoc, chociaż wiem, że sytuacja jest beznadziejna.
pozdrawiam!
P.S. Dodam jeszcze, że nie mam jak zrobić formata (zepsuty CD-ROM), a poza tym i tak by to chyba niewiele dało, biorąc pod uwagę, że obydwa moje dyski są zarażone, ale ja się tam nie znam…