What should I do?

IP: *.pro.lama.net.pl 07.12.05, 21:56
When I turn on the computer it stops at the "Windows is starting up" screen
and doesn't boot :(
    • Guest: k Re: What should I do? IP: *.warszawa.sdi.tpnet.pl 07.12.05, 22:09
      And what happens in safe mode?
      • Guest: p Re: What should I do? IP: *.pro.lama.net.pl 07.12.05, 22:17
        I haven't checked that... I'll check and write back
      • Guest: p Re: What should I do? IP: *.pro.lama.net.pl 07.12.05, 22:32
        It starts in safe mode, but the antivirus, ArcaVir, won't work... and I
        don't know what I'm supposed to do in this safe mode... :(
        • Guest: k Re: What should I do? IP: *.warszawa.sdi.tpnet.pl 07.12.05, 22:38
          Download and use HijackThis, and paste the log on the forum so we can
          see what's broken there.
          Also try scanning with this:
          www.free-av.com/
          download.ewido.net/ewido-setup.exe <- update before scanning, uninstall
          after the scan.
          • Guest: p Re: What should I do? IP: *.pro.lama.net.pl 07.12.05, 23:49
            Logfile of HijackThis v1.99.1
            Scan saved at 23:48:36, on 2005-12-07
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            D:\WINDOWS\System32\smss.exe
            D:\WINDOWS\system32\winlogon.exe
            D:\WINDOWS\system32\services.exe
            D:\WINDOWS\system32\lsass.exe
            D:\WINDOWS\system32\svchost.exe
            D:\WINDOWS\System32\svchost.exe
            D:\WINDOWS\system32\spoolsv.exe
            D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
            D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpm.exe
            D:\WINDOWS\System32\svchost.exe
            D:\WINDOWS\Mixer.exe
            D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
            D:\Program Files\Winamp\winampa.exe
            D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
            D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
            D:\Program Files\WebRebates4\webrebates.exe
            D:\WINDOWS\System32\ctfmon.exe
            D:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            D:\WINDOWS\System32\aksha.exe
            D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
            D:\Program Files\Sony Corporation\Picture Package\Picture Package
            Applications\Residence.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
            D:\Program Files\WebRebates4\w11150.exe
            D:\Program Files\Internet Explorer\IEXPLORE.EXE
            D:\WINDOWS\explorer.exe
            D:\Program Files\Internet Explorer\IEXPLORE.EXE
            D:\WINDOWS\System32\wuauclt.exe
            D:\Program Files\WinRAR\WinRAR.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            D:\Program Files\WinRAR\WinRAR.exe
            D:\DOCUME~1\paulina\USTAWI~1\Temp\Rar$EX00.734\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            195.95.218.172/index.php
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            195.95.218.172/index.php
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1
            \SEARCH~1\SEARCH~2.DLL (file missing)
            O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} -
            D:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
            O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} -
            D:\WINDOWS\pxwma.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            d:\program files\google\googletoolbar3.dll
            O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
            90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
            O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} -
            D:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program
            files\google\googletoolbar3.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            D:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
            O4 - HKLM\..\Run: [Windows Update] D:\WINDOWS\System32\hvidufd.exe
            O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-
            Packard\HP Share-to-Web\hpgs2wnd.exe
            O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
            O4 - HKLM\..\Run: [AVPCC] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
            for Workstation\avpcc.exe" /wait
            O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04
            \bin\jusched.exe
            O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe
            O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
            O4 - HKLM\..\Run: [xidoj] D:\WINDOWS\xidoj.exe
            O4 - HKLM\..\Run: [d818fok9] D:\WINDOWS\System32\d818fok9.exe
            O4 - HKLM\..\Run: [webrebates] "D:\Program Files\WebRebates4\webrebates.exe"
            O4 - HKLM\..\Run: [Windows Security Service] aksha.exe
            O4 - HKLM\..\RunServices: [Windows Security Service] aksha.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web
            Folders\ibm00001.exe"
            O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
            O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
            O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe
            O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
            O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
            O4 - HKCU\..\RunServices: [Windows Security Service] aksha.exe
            O4 - Startup: Skrót do gg.lnk = C:\Program Files\Gadu-Gadu\gg.exe
            O4 - Global Startup: Media Card Companion Monitor.lnk = D:\Program
            Files\ArcSoft\Media Card Companion\MCC Monitor.exe
            O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O4 - Global Startup: Picture Package Menu.lnk = ?
            O4 - Global Startup: Picture Package VCD Maker.lnk = ?
            O8 - Extra context menu item: &Google Search - res://d:\program
            files\google\GoogleToolbar3.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://d:\program
            files\google\GoogleToolbar3.dll/cmwordtrans.html
            O8 - Extra context menu item: Backward Links - res://d:\program
            files\google\GoogleToolbar3.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program
            files\google\GoogleToolbar3.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://d:\program
            files\google\GoogleToolbar3.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://d:\program
            files\google\GoogleToolbar3.dll/cmtrans.html
            O8 - Extra context menu item: Web Rebates. - file://D:\Program Files\WebRebates4
            \websrebates\webtrebates\toprC0.htm
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            D:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - D:\WINDOWS\web\related.htm
            O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
            its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
            c18.cab
            O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
            static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
            O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
            www.bph.pl/pi/components/SignActivX.cab
            O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
            bok.plusgsm.pl/rnt/rnl/java/RntX.cab
            O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\ArcaScan.exe
            O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - D:\Program
            Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe" /service
            (file missing)
            O23 - Servic
            • Guest: k Re: What should I do? IP: *.warszawa.sdi.tpnet.pl 08.12.05, 09:52
              Well, a pirated system with no updates and a ton of junk, and on top
              of that you use IE, congratulations...

              Uninstall all the antivirus programs and keep only one!
              Switch your browser to Opera.
              Close the ports with this:
              www.firewallleaktester.com/tools/wwdc.exe
              End the processes:
              D:\Program Files\WebRebates4\webrebates.exe
              D:\WINDOWS\System32\aksha.exe
              D:\Program Files\WebRebates4\w11150.exe

              Remove in HijackThis:
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              195.95.218.172/index.php
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              195.95.218.172/index.php
              O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1
              \SEARCH~1\SEARCH~2.DLL (file missing)
              O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} -
              D:\WINDOWS\pxwma.dll <- delete the file
              O4 - HKLM\..\Run: [Windows Update] D:\WINDOWS\System32\hvidufd.exe <- delete the file
              O4 - HKLM\..\Run: [salm] d:\temp\salm.exe <- delete the temp directory
              O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe <-
              uninstall and delete the Media Access directory
              O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe <- removal
              instructions here:
              www.searchengines.pl/phpbb203/index.php?
              showtopic=12510&pid=188758&mode=threaded&show=&st=30&#entry188758

              O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe <- delete the file
              O4 - HKLM\..\Run: [xidoj] D:\WINDOWS\xidoj.exe <- delete the file
              O4 - HKLM\..\Run: [d818fok9] D:\WINDOWS\System32\d818fok9.exe <- delete the file
              O4 - HKLM\..\Run: [webrebates] "D:\Program Files\WebRebates4\webrebates.exe" <-
              uninstall and delete the WebRebates4 directory
              O4 - HKLM\..\Run: [Windows Security Service] aksha.exe <- delete the file
              O4 - HKLM\..\RunServices: [Windows Security Service] aksha.exe
              O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web
              Folders\ibm00001.exe" <- delete the file
              O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
              O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
              O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe <- delete the file
              O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe <-
              uninstall and delete the SpySheriff directory
              O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
              O4 - HKCU\..\RunServices: [Windows Security Service] aksha.exe
              O8 - Extra context menu item: Web Rebates. - file://D:\Program Files\WebRebates4
              \websrebates\webtrebates\toprC0.htm
              O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
              its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
              c18.cab
              O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
              static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab

              Wallpaper repair:
              www.searchengines.pl/phpbb203/index.php?showtopic=31936

              And an ewido scan:
              download.ewido.net/ewido-setup.exe <- update before scanning, uninstall
              after the scan.

              When you're done, paste a new log.
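
Added example, not part of the thread and not HijackThis's own code: a Python sketch that rejoins the entries the forum wrapped across lines and then picks out entries for manual review. The function names and the four heuristics (missing file, autorun with no path, autorun from a temp directory, same value name under several keys) are assumptions chosen for illustration; a flag is a prompt to look, not a verdict, and the C-Media Mixer entry is flagged although the reply above does not list it for removal.

```python
import re
from collections import defaultdict

# Excerpt of entries from the log in this thread, wrapped as the forum wrapped them.
SAMPLE = r"""O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1
\SEARCH~1\SEARCH~2.DLL (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [Windows Security Service] aksha.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
"""

ENTRY_START = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def unwrap(text):
    """Rejoin entries broken across lines; skip anything before the first entry."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            prev = entries[-1]
            # A break inside a path or GUID gets no space; a break between words does.
            glued = line.startswith("\\") or (prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if glued else " ") + line
    return entries

def triage(text):
    """Map each entry worth a manual look to its reasons (assumed heuristics)."""
    parsed = [(e, O4_RE.match(e)) for e in unwrap(text)]
    keys_by_name = defaultdict(set)
    for _, m in parsed:
        if m:
            keys_by_name[m.group(3)].add((m.group(1), m.group(2)))
    flagged = {}
    for entry, m in parsed:
        reasons = ["file missing"] if "(file missing)" in entry else []
        if m:
            if "\\" not in m.group(4):
                reasons.append("no path")        # resolved through the search path
            if re.search(r"\\te?mp\\", m.group(4), re.I):
                reasons.append("temp dir")
            if len(keys_by_name[m.group(3)]) > 1:
                reasons.append("multiple keys")  # same value name under several keys
        if reasons:
            flagged[entry] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE).items():
        print(", ".join(reasons), "|", entry)
```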