
Topic: Programs closing by themselves

  1. #1
    biały 18 (Senior Private)
    Registered: 27.Jan.2008
    Posts: 71

    Programs closing by themselves

    Hello.
    I have a problem: for the last few days my computer has been running terribly slowly, freezing, and so on. I scanned it with Kaspersky, Avast, NOD32, Spyware Terminator, Ad-Aware and many other similar tools, but they found nothing interesting, and whatever they did find I disinfected or removed. On top of that, various programs have recently been closing by themselves, games in particular. Here is a log from HJT, and I hope it helps; if you have any other suggestions, please reply quickly.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:15:16, on 2008-01-31
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Documents and Settings\x\Pulpit\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.wp.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {998D6A04-CDE1-4245-BA9C-9A7B64E8AE92} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZRYYYYYYYYPL
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
    O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    Last edited by SEBAW; 05.Feb.2008 at 11:58

  2. #2
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    Uninstall BearShare and scan the computer with SpyBot Search & Destroy.
    BearShare is one big pile of garbage.
    Regards

    Filon by A-men
    SAM440 (AmigaPPC clone) + AmigaOS 4.1 + Radeon

    AND PC
    CPU: Phenom II x2@x4 555BE | MOBO: Asus Crosshair IV Formula | RAM: 4 GB Kingston HX 2000MHz | GPU: HD6970 | HDD: 2x 1TB SATA II | DVD: Asus DRW-1814BLT SATA + Asus DRW-2014L1T SATA | AUDIO: Asus Xonar D2/PM + Altec Lansing 2.1 FX4021 | CASE: CoolerMaster HAF932 + Corsair CMPSU-520HXEU - 520W | DISPLAY: BenQ VW2420H LED MVA

    You are welcome to shop at WWW.ALT-COMPUTER.PL

  3. #3
    biały 18 (Senior Private)
    Registered: 27.Jan.2008
    Posts: 71

    I uninstalled it a long time ago and cleaned everything out with SpyBot, but that was a long time ago, and the problem appeared 3 days ago.

  4. #4
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    But entries referring to BS components are still there. Besides that, turn Skype off for a moment, delete the file SkypePM.exe (it should be in one of the subdirectories of the main Skype directory), and after a restart use this - http://cybertrash.pl/images/tata/Smi...tFraudFix.html; I recommend running it in safe mode.

    Also get rid of Odkurzacz; on one of my clients' machines it deleted a dozen or so system DLLs.

    This also looks suspicious:


    O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
    O9 - Extra 'Tools' menuitem: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
    Last edited by Filon by A-men; 31.Jan.2008 at 20:39
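
The triage applied in the post above (entries left behind by uninstalled software, and Internet Explorer add-on entries whose file is missing or whose target is a URL), as an added Python example that is not part of the original thread. The sample lines are taken from the HijackThis log in post #1; the function name, the flag names and the choice of O2/O3/O9 as "add-on" sections are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample lines taken from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {998D6A04-CDE1-4245-BA9C-9A7B64E8AE92} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ň×ȤąşÎď - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Matches entry lines such as "R0 - ..." or "O23 - ..."; the log header and
# the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*(?P<code>[ROFN]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
URL_RE = re.compile(r"https?://", re.IGNORECASE)
# Assumption of this example: BHO, toolbar and extra-button entries are
# expected to end in a local file path, so a URL there deserves a look.
ADDON_SECTIONS = {"O2", "O3", "O9"}


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O9"
    line: str      # the original log line
    reasons: list  # why the line was flagged


def triage(log_text, removed_software=()):
    """Return the log entries worth a manual look.

    removed_software: names of programs the user says were uninstalled;
    any entry still mentioning one of them is reported as a leftover.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        if code in ADDON_SECTIONS:
            # The last " - " separated field is the file the entry loads.
            target = body.rsplit(" - ", 1)[-1]
            if URL_RE.match(target):
                reasons.append("url-target")
        lowered = body.lower()
        for name in removed_software:
            if name.lower() in lowered:
                reasons.append(f"leftover:{name}")
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, removed_software=["BearShare"]):
        print(item.code, ",".join(item.reasons), "|", item.line)
```

A flag only marks an entry for review; whether to fix it in HijackThis is still a manual decision.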

  5. #5
    lee99 (Moderator)
    Registered: 15.Apr.2006
    Location: Katowice
    Posts: 2,004

    http://forum.skype.com/lofiversion/i...hp/t68533.html

    That's regarding the SkypePM.exe process.

    EDIT:

    http://www.gmer.net/index.php?lang=pl

    An interesting free program; I recommend "taking a look" hehe
    Last edited by lee99; 31.Jan.2008 at 21:01
    NEC ND 4571A@1.02BT+RPC1 (brand new from service since 2008/02/25) and GH20LS10@FL01 (+riplock patch)

    http://www.freetibet.org/

  6. #6
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    More or less. After using the fix, use the command defrag c: -b (XP Pro), disable prefetching (in the registry all EnablePrefetcher keys should have the value = 0), and after a restart delete the contents of the c:\windows\prefetch directory.

    Install the latest DirectX - Odkurzacz likes to cut out its files.

  7. #7
    lee99 (Moderator)
    Registered: 15.Apr.2006
    Location: Katowice
    Posts: 2,004

    And on a different note, I'd also recommend this program

    http://www.silentrunners.org/

    It is a script that checks entries in the system and more data than HijackThis

    PS - HijackThis version 2.0.2 has been out for a long time

    EDIT:

    Why install everything right away? Let him check whether everything is OK or not, i.e. go to Start -> Run -> dxdiag

    Last edited by lee99; 31.Jan.2008 at 21:20

  8. #8
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    As you wish; the system will restore some of the DLLs by itself, but ...
    to old versions

  9. #9
    biały 18 (Senior Private)
    Registered: 27.Jan.2008
    Posts: 71

    OK, but all those Skype-related applications are honestly needed; Skype surely doesn't cause that much trouble, since I've had it for a long time and everything was fine. I'll add a log from Silent Runners in a moment, and by the way, should I fix those 2 logs you underlined?

  10. #10
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    You don't need SkypePM at all, and I know from first-hand experience how much trouble it can cause.

    Yes, fix them; the files are invalid/damaged/nonexistent anyway (file missing).
    Last edited by Filon by A-men; 31.Jan.2008 at 21:48

  11. #11
    biały 18 (Senior Private)
    Registered: 27.Jan.2008
    Posts: 71

    I already have DirectX; I'm posting the log from Silent Runners

    "Silent Runners.vbs", revision 55, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
    "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
    "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
    "DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
    "Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]
    "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
    -> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
    -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
    "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
    -> {HKLM...CLSID} = "Contact View"
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
    "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
    -> {HKLM...CLSID} = "Message View"
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
    -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
    "{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
    -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
    "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
    -> {HKLM...CLSID} = "TuneUp Theme Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
    "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
    -> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
    \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
    "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Startup items in "x" & "All Users" startup folders:
    ---------------------------------------------------

    C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
    "BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]
    "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]
    "Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]


    Enabled Scheduled Tasks:
    ------------------------

    "1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 28
    %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 27
    %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

    {DE60714F-AC17-427E-861A-FD60CBDF119A}\
    "ButtonText" = "Ň×ȤąşÎď"
    "MenuText" = "Ň×ȤąşÎď"
    "Exec" = "http://click2.ad4all.net/url2/urlmanage/url.asp?id=1" [file not found]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
    <<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
    NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
    TuneUp Design Expansion, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
    TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    LIDIL Language Monitor\Driver = "hpzll3xu.dll" ["Hewlett-Packard Company"]


    ---------- (launch time: 2008-01-31 21:39:21)
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 79 seconds, including 9 seconds for message boxes)

    And what about those logs, should I remove them?
    Last edited by SEBAW; 05.Feb.2008 at 11:58

  12. #12
    Filon by A-men (Editor)
    Registered: 28.Sep.2006
    Location: 3city
    Posts: 2,980

    You can safely remove the logs.

  13. #13
    biały 18 (Senior Private)
    Registered: 27.Jan.2008
    Posts: 71

    Ah, and one more thing, I have a log from SmitFraud:

    SmitFraudFix v2.277

    Scan done at 22:02:35,06, 2008-01-31
    Run from C:\Documents and Settings\x\Pulpit\THE BEST OF BARTEK\SmitfraudFix
    OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\x


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\x\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\x\Ulubione


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\secure32.html FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Moja bieżąca strona główna"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !Attention, following keys are not inevitably infected!

    IEDFix.exe by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !Attention, following keys are not inevitably infected!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !Attention, following keys are not inevitably infected!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !Attention, following keys are not inevitably infected!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów
    DNS Server Search Order: 79.175.192.2
    DNS Server Search Order: 79.175.192.3

    Description: NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów
    DNS Server Search Order: 192.168.254.190
    DNS Server Search Order: 217.97.214.3

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B6E6D1B-EF09-4416-8429-977D8938792E}: DhcpNameServer=79.175.192.2 79.175.192.3
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF878E71-8E03-45CD-9A11-9345AB2232C1}: DhcpNameServer=192.168.254.190 217.97.214.3
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B6E6D1B-EF09-4416-8429-977D8938792E}: DhcpNameServer=79.175.192.2 79.175.192.3
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EF878E71-8E03-45CD-9A11-9345AB2232C1}: DhcpNameServer=192.168.254.190 217.97.214.3
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B6E6D1B-EF09-4416-8429-977D8938792E}: DhcpNameServer=79.175.192.2 79.175.192.3
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EF878E71-8E03-45CD-9A11-9345AB2232C1}: DhcpNameServer=192.168.254.190 217.97.214.3
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=79.175.192.2 79.175.192.3
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=79.175.192.2 79.175.192.3
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=79.175.192.2 79.175.192.3


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Please translate this log for me, because I don't know what I'm supposed to do with it; from what I've read, I have infected files.

    So what about these logs? The HJT entries you told me about I have already fixed. What next?
    Last edited by SEBAW; 05.Feb.2008 at 11:59

  14. #14
    Editor Filon by A-men
    Joined
    28.Sep.2006
    Location
    3city
    Posts
    2,980

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\secure32.html FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !Attention, following keys are not inevitably infected!

    IEDFix.exe by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !Attention, following keys are not inevitably infected!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !Attention, following keys are not inevitably infected!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !Attention, following keys are not inevitably infected!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    These keys need to be fixed; secure32.html is clearly a trojan, see HERE
    Regards

    Filon by A-men
    SAM440 (AmigaPPC clone) + AmigaOS 4.1 + Radeon

    AND PC
    CPU: Phenom II x2@x4 555BE | MOBO: Asus Crosshair IV Formula | RAM: 4 GB Kingston HX 2000MHz | GPU: HD6970 | HDD: 2x 1TB SATA II | DVD: Asus DRW-1814BLT SATA + Asus DRW-2014L1T SATA | AUDIO: Asus Xonar D2/PM + Altec Lansing 2.1 FX4021 | CASE: CoolerMaster HAF932 + Corsair CMPSU-520HXEU - 520W | DISPLAY: BenQ VW2420H LED MVA

    You're welcome to shop at WWW.ALT-COMPUTER.PL

  15. #15
    Senior Private biały 18
    Joined
    27.Jan.2008
    Posts
    71

    I fixed those keys and nothing changed; I threw out that trojan and still nothing. I start a game and it shut down by itself, but I had already finished it, so I uninstalled it, and so far nothing has happened. But could there be some other cause as well?

  16. #16
    Editor Filon by A-men
    Joined
    28.Sep.2006
    Location
    3city
    Posts
    2,980

    You've got determination, man. I would have copied my data and settings long ago and set the system up from scratch for peace of mind.
    Regards


  17. #17
    Senior Private biały 18
    Joined
    27.Jan.2008
    Posts
    71

    Oh great, so I'll be setting the system up from scratch. Even my firewall doesn't work, and on top of that I'm supposed to reinstall the system? There must be another way out; maybe some other suggestions?

  18. #18
    Editor Filon by A-men
    Joined
    28.Sep.2006
    Location
    3city
    Posts
    2,980

    It's not worth the effort. Your enthusiasm is encouraging, but it has long been known that a freshly (and correctly) installed system runs more stably and efficiently than one in which even the firewall doesn't work.
    If you're worried, unplug the network cable until the antivirus is installed. Contrary to popular opinion, viruses are not wind-borne, and in most cases, in order to infect a machine, they need a working (unprotected) Internet connection or an infected medium inserted before AV protection is installed.
    Regards


  19. #19
    Senior Private biały 18
    Joined
    27.Jan.2008
    Posts
    71

    Well, well, there's nothing like having a pirated system and not even having an installation disc for it. But seriously, could you give me some more advice on this?

  20. #20
    Editor Filon by A-men
    Joined
    28.Sep.2006
    Location
    3city
    Posts
    2,980

    Of course: format c: after copying your settings and important data. I can't help with the pirated copy; the best solution is to buy an original, and if there's no money, then Linux.
    Regards


  21. #21
    Senior Private biały 18
    Joined
    27.Jan.2008
    Posts
    71

    There must be another way out. Never format, fight to the end. Apart from that, thanks for the help. Could you also help me with burning games for the PS2? The articles posted here don't answer my "problems" (no innuendo, please).

  22. #22
    Editor Filon by A-men
    Joined
    28.Sep.2006
    Location
    3city
    Posts
    2,980

    could you also help me with burning games for the PS2
    Sorry, I'm not interested in that at all.

    Fighting to the end is OK, provided there's a chance of winning.
    Regards


  23. #23
    Senior Private biały 18
    Joined
    27.Jan.2008
    Posts
    71

    OK, thanks for the help then, bye for now.
