Topics related to Microsoft products.

System going crazy??

05 Sep 2006, 20:02

Hello!
Something strange has happened to my system lately (Win XP Pro).
When I shut it down, a window pops up saying that explorer.exe is not responding, but it closes it anyway. When I start it, the system sometimes takes a very long time to load, but that's not the rule, because when it feels like it, it loads in a flash. When I plug something in via USB, e.g. a pen drive, I can't disconnect it through Safely Remove Hardware because it reports that it is in use.
Can someone tell me what to do about this??
Thanks in advance.
Oh, and one more question: on another computer, when I open any of the drives, it automatically opens in search instead of showing the contents. How do I change that??

Thanks again in advance!

05 Sep 2006, 20:04

Paste a log from HijackThis

05 Sep 2006, 21:02

here it is
Logfile of HijackThis v1.99.1
Scan saved at 20:58:58, on 2006-09-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ja\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {BB5A0D08-9B59-EFAB-B206-601D89A7FE01} - init32.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 80.190.241.30 home.edonkey.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{222DAFB5-EC80-4D47-884B-6A63B65C897E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{222DAFB5-EC80-4D47-884B-6A63B65C897E}: NameServer = 69.50.176.158,85.255.112.8
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe

05 Sep 2006, 22:46

Hello. The log looks fine, except for this:
R3 - URLSearchHook: (no name) - {BB5A0D08-9B59-EFAB-B206-601D89A7FE01} - init32.dll (file missing)

Fix it and delete the file init32.dll in safe mode - F8 during system startup.

2. Make a log with Silent Runners. Download it to your computer, run it, click "No" and wait for the "done" message. Paste the contents on the forum :)

http://www.silentrunners.org/Silent%20Runners.vbs

3. Download this and run a scan

http://www.instalki.pl/programy/downloa ... yware.html

4. Paste the logs from Hijack and Silent ;P
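
Added example, not part of the original thread: a small Python triage pass over HijackThis entries, automating the kind of manual read done in the reply above. The function names (`parse`, `review_reasons`, `triage`) and the three review rules are assumptions chosen for illustration; a flagged entry is a prompt for a human to check, not a verdict.

```python
import re

# Sample entries from the HijackThis log posted in this thread,
# with the path separators restored.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R3 - URLSearchHook: (no name) - {BB5A0D08-9B59-EFAB-B206-601D89A7FE01} - init32.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 80.190.241.30 home.edonkey.com
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{222DAFB5-EC80-4D47-884B-6A63B65C897E}: NameServer = 69.50.176.158,85.255.112.8
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "R3 - ...", "O17 - ..."
LOOPBACK = {"127.0.0.1", "::1"}

def parse(log):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review_reasons(section, body):
    """Reasons a human should look at this entry; an empty list means none."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: the referenced file was not found")
    if section == "O1":
        fields = body.split(":", 1)[1].split()
        if not LOOPBACK.intersection(fields):
            reasons.append("hosts line maps a name to a non-loopback address")
    if section == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].strip()
        reasons.append("static DNS servers to verify with the ISP: " + servers)
    return reasons

def triage(log):
    """Entries with at least one review reason, in log order."""
    flagged = []
    for section, body in parse(log):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", body, "|", "; ".join(reasons))
```
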

06 Sep 2006, 21:14

ewido didn't find anything specific (a few cookies in Mozilla)
and here are the logs
Logfile of HijackThis v1.99.1
Scan saved at 21:09:09, on 2006-09-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ewido anti-spyware 4.0\guard.exe
C:\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\ja\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 80.190.241.30 home.edonkey.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [!ewido] "C:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{222DAFB5-EC80-4D47-884B-6A63B65C897E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{222DAFB5-EC80-4D47-884B-6A63B65C897E}: NameServer = 69.50.176.158,85.255.112.8
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\ewido anti-spyware 4.0\guard.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe

and from Silent Runners

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"]
"MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."]
"!ewido" = ""C:\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cspuu.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"mks_vir - Zadanie 0" -> WARNING -- The file "mks_vir - Zadanie 0.job" is corrupt! (no executable)
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
MkS_Scan, MkS_Scan, "C:\Program Files\MKS\Bin\mks_scan.exe" [empty string]
MkS_Vir Monitor, MksVirMonSvc, "C:\Program Files\MKS\Bin\mksmonsv.exe" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 59 seconds, including 18 seconds for message boxes)

06 Sep 2006, 21:24

paste it in tags

[code][/code]

06 Sep 2006, 21:26

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cspuu.exe" [file not found]


Boot into safe mode: Start >> Run >> msconfig >> BOOT.INI tab >> check safeboot >> restart the computer

Find the file cspuu.exe and delete it.

Find the file mks_vir - Zadanie 0.job and delete it.

Download this:
http://www.searchengines.pl/phpbb203/pliki/picasso/downloads/killtrusted.zip

Download this and tell me which files you have here on the left. Don't delete anything for now!!!

http://www.cexx.org/lspfix.htm

Regards