Please check my log, thanks

30.05.06, 15:09
Logfile of HijackThis v1.99.1
Scan saved at 15:05:02, on 2006-05-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program
Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan
Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} -
C:\Program Files\Common Files\moje.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
- acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
NameServer = 194.204.152.34,194.204.159.1
O17 -
HKLM\System\CS1\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
NameServer = 194.204.152.34,194.204.159.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
NameServer = 194.204.152.34,194.204.159.1
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common
Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner -
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    • grzechuuu2 Re: Please check my log, thanks 30.05.06, 15:14
      A virus alert icon is flashing in the taskbar in the right-hand corner and a message pops up saying the computer is
      infected... I tried scanning online and it found some trojans, but I can't
      remove them. Thanks, and please check the log above, thanks.
    • wiewia1 Re: Please check my log, thanks 30.05.06, 15:20
      O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program
      Files\SpywareQuake.com\Spyware-Quake.exe /h

      Since you have this entry, I'll give you a link to a ready-made removal guide for this junk: forum.twojastrefapc.pl/index.php?showtopic=214. Go to the SpywareQuake section and be sure to use the SmitFraudFix tool. It will create a log, a .txt file; paste it on the forum after the removal.
      • grzechuuu2 Re: Please check my log, thanks 30.05.06, 15:40
        I did everything; please do a follow-up check.

        Logfile of HijackThis v1.99.1
        Scan saved at 15:39:14, on 2006-05-30
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\dcomcfg.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
        4.0\webapps\Toolbox\StatusClient\StatusClient.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\eMule\emule.exe
        C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
        C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Documents and Settings\Admin\Pulpit\hijackthis\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
        Files\Java\jre1.5.0_06\bin\ssv.dll
        O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
        C:\WINDOWS\system32\hp100.tmp
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
        -lang 1033
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [StatusClient] C:\Program
        Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
        4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
        O4 - HKLM\..\Run: [TomcatStartup] C:\Program
        Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
        Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan
        Elite\TJEnder.exe :NO
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
        /minimized
        O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
        Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} -
        C:\Program Files\Common Files\moje.js
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
        NameServer = 194.204.152.34,194.204.159.1
        O17 - HKLM\System\CS1\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
        NameServer = 194.204.152.34,194.204.159.1
        O17 - HKLM\System\CS2\Services\Tcpip\..\{4816D503-DD17-48AA-80AF-45A0F1F6E943}:
        NameServer = 194.204.152.34,194.204.159.1
        O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
        Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common
        Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner -
        C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        • wiewia1 Re: Please check my log, thanks 30.05.06, 15:47
          O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
          C:\WINDOWS\system32\hp100.tmp
          Well, it's still sitting there. Did you use the tool I told you about? You were supposed to post its log from the removal. The tool is best run in safe mode.
          A log from Silent Runners would also be useful: forum.twojastrefapc.pl/index.php?showtopic=61. Paste it on the forum as well, together with the SmitFraudFix log.
          • grzechuuu2 Re: Please check my log, thanks 30.05.06, 16:00
            This log is from the removal:
            SmitFraudFix v2.51

            Scan done at 15:56:11,02, 2006-05-30
            Run from C:\Documents and Settings\Admin\Pulpit\SmitfraudFix\SmitfraudFix
            OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
            Fix ran in normal mode

            »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
            !!!Attention, following keys are not inevitably infected!!!

            SrchSTS.exe by S!Ri
            Search SharedTaskScheduler's .dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
            "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

            [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
            @="C:\WINDOWS\system32\wfkduei.dll"

            [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
            @="C:\WINDOWS\system32\wfkduei.dll"


            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
            "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

            [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
            @="C:\WINDOWS\system32\imfdfcj.dll"

            [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
            @="C:\WINDOWS\system32\imfdfcj.dll"


            »»»»»»»»»»»»»»»»»»»»»»»» Killing process


            »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

            Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
            Problem while deleting C:\WINDOWS\system32\hp???.tmp
            Problem while deleting C:\WINDOWS\system32\hp????.tmp
            Problem while deleting C:\WINDOWS\system32\ld????.tmp
            C:\WINDOWS\system32\ot.ico Deleted
            Problem while deleting C:\WINDOWS\system32\regperf.exe
            C:\WINDOWS\system32\simpole.tlb Deleted
            Problem while deleting C:\WINDOWS\system32\stdole3.tlb
            C:\WINDOWS\system32\ts.ico Deleted
            Problem while deleting C:\WINDOWS\system32\1024
            C:\DOCUME~1\Admin\Pulpit\SpywareQuake.com.lnk Deleted
            C:\DOCUME~1\Admin\Ulubione\Antivirus Test Online.url Deleted
            C:\DOCUME~1\Admin\MENUST~1\SpywareQuake.com 2.1.lnk Deleted
            C:\DOCUME~1\Admin\MENUST~1\Programy\SpywareQuake.com Deleted
            C:\Program Files\MalwareWipe\ Deleted
            C:\Program Files\PestTrap\ Deleted
            C:\Program Files\SpywareQuake.com\ Deleted

            »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

            GenericRenosFix by S!Ri

            C:\WINDOWS\system32\wfkduei.dll -> Missing File

            C:\WINDOWS\system32\imfdfcj.dll -> Hoax.Win32.Renos.gen
            C:\WINDOWS\system32\imfdfcj.dll -> Deleted


            »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


            »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

            Registry Cleaning done.

            »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
            !!!Attention, following keys are not inevitably infected!!!

            SrchSTS.exe by S!Ri
            Search SharedTaskScheduler's .dll


            »»»»»»»»»»»»»»»»»»»»»»»» Reboot

            C:\WINDOWS\system32\dcomcfg.exe Deleted
            C:\WINDOWS\system32\hp???.tmp Deleted
            C:\WINDOWS\system32\ld????.tmp Deleted
            C:\WINDOWS\system32\stdole3.tlb Deleted

            »»»»»»»»»»»»»»»»»»»»»»»» End

          • grzechuuu2 Re: Please check my log, thanks 30.05.06, 16:09
            And here is the log from Silent Runners:

            "Silent Runners.vbs", revision 45, www.silentrunners.org/
            Operating System: Windows XP SP2
            Output limited to non-default values, except where indicated by "{++}"


            Startup items buried in registry:
            ---------------------------------

            HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
            "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
            "Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [null data]
            "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
            ["Skype Technologies S.A."]
            "eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart"
            ["www.emule-project.net"]

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
            "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033"
            ["DAEMON'S HOME"]
            "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple
            Computer, Inc."]
            "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""
            ["Cyberlink Corp."]
            "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
            "(Default)" = (empty string)
            "StatusClient" = "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
            4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto" ["Hewlett-Packard"]
            "TomcatStartup" = "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
            ["Hewlett-Packard"]
            "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun
            Microsystems, Inc."]
            "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
            "Anti Trojan Elite" = "C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO" [file
            not found]

            HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
            {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
            -> {HKLM...CLSID} = "AcroIEHlprObj Class"
            \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
            6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
            {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
            -> {HKLM...CLSID} = "SSVHelper Class"
            \InProcServer32\(Default) = "C:\Program
            Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

            HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
            "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
            wyświetlania"
            -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
            \InProcServer32\(Default) = "deskpan.dll" [file not found]
            "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
            -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
            \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll"
            ["Hilgraeve, Inc."]
            "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
            -> {HKLM...CLSID} = "Portable Media Devices"
            \InProcServer32\(Default) =
            "C:\WINDOWS\system32\Audiodev.dll" [MS]
            "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
            -> {HKLM...CLSID} = "Portable Media Devices Menu"
            \InProcServer32\(Default) =
            "C:\WINDOWS\system32\Audiodev.dll" [MS]
            "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
            -> {HKLM...CLSID} = "WinRAR"
            \InProcServer32\(Default) = "C:\Program
            Files\WinRAR\rarext.dll" [null data]
            "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
            -> {HKLM...CLSID} = "Shell Search Band"
            \InProcServer32\(Default) =
            "C:\WINDOWS\system32\browseui.dll" [MS]
            "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
            -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
            \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
            "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
            -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
            \InProcServer32\(Default) = "C:\Program Files\Common
            Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]

            HKLM\System\CurrentControlSet\Control\Session Manager\
            INFECTION WARNING! "BootExecute" = "autocheck autochk * stera aswBoot.exe
            /M:1b14e379c7" [file not found], [MS], [file not found], [file not found], [file
            not found], [file not found]

            HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
            INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [file not found]

            HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
            WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
            -> {HKLM...CLSID} = "WinRAR"
            \InProcServer32\(Default) = "C:\Program
            Files\WinRAR\rarext.dll" [null data]

            HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
            WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
            -> {HKLM...CLSID} = "WinRAR"
            \InProcServer32\(Default) = "C:\Program
            Files\WinRAR\rarext.dll" [null data]

            HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
            WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
            -> {HKLM...CLSID} = "WinRAR"
            \InProcServer32\(Default) = "C:\Program
            Files\WinRAR\rarext.dll" [null data]


            Active Desktop and Wallpaper:
            -----------------------------

            Active Desktop is disabled at this entry:
            HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


            Enabled Screen Saver:
            ---------------------

            HKCU\Control Panel\Desktop\
            "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
            • wiewia1 Re: Please check my log, thanks 30.05.06, 21:46
              Well, the Silent Runners log isn't complete; you have to wait until it finishes, and a "done" message will appear. But OK, no junk is visible. Just fix this entry:

              HKLM\System\CurrentControlSet\Control\Session Manager\
              INFECTION WARNING! "BootExecute" = "autocheck autochk * stera aswBoot.exe
              /M:1b14e379c7" [file not found], [MS], [file not found], [file not found], [file
              not found], [file not found]

              Start >>> Run >>> regedit and go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager. There, double-click the BootExecute value and remove everything from the box except autocheck autochk *.

              In HijackThis, delete this error-related entry:
              KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

              Has the problem gone away, or is there still something else?
    • grzechuuu2 Re: Please check my log, thanks 30.05.06, 22:50
      I don't have that BootExecute file in the key, I don't know why, and I removed the error
      KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"!
      For now the problem has disappeared, so many thanks for the help. Regards.