błędy instalacji

**Posty:** 369 · przez **Mati92** 19 Sty 2007, 16:36

witam mm taki problem bo gdy próbuje zainstalować jakis program to albo staje w połowie albo jakiś błąd tak mam teraz np z NERO instaluje i na 50% zatrymuje się i dlatego daje loga

Logfile of HijackThis v1.99.1
Scan saved at 15:26:19, on 2007-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAMY\AVAST\aswUpdSv.exe
D:\PROGRAMY\AVAST\ashServ.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRAMY\AVAST\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\AutoConnect\AutoConnect.exe
D:\PROGRAMY\AVAST\ashMaiSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
D:\PROGRAMY\AVAST\ashWebSv.exe
D:\PROGRAMY\OPERA\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRAMY\Stefan\Stefan.exe
D:\PROGRAMY\Winamp\winamp.exe
C:\DOCUME~1\Chrypek\USTAWI~1\Temp\Rar$EX00.656\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\PROGRAMY\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] D:\PROGRAMY\AutoConnect\AutoConnect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3370C877-CA04-474F-9498-C28A9410F520}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{3370C877-CA04-474F-9498-C28A9410F520}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\AVAST\ashWebSv.exe" /service (file missing)

**Posty:** 1134 · przez **MISTEJK** 19 Sty 2007, 16:41

Wyłącz przywracanie systemu i wejdź w tryb awaryjny.
Najpierw usuwasz wpisy w Hijackthis, następnie pogrubione pliki ręcznie z dysku:

O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

Wklej nowe logi z Hijackthis + Silent Runners

**Posty:** 369 · przez **Mati92** 19 Sty 2007, 19:57

Wyłącz przywracanie systemu

Jak to się wyłancza??

i mam jeszcze pytanko jeśli jest jeden wpis to dlaczego piszesz że

Najpierw usuwasz wpisy w Hijackthis, następnie pogrubione pliki ręcznie z dysku

jak jest tylko jeden wpis z pogrubionym to chyba jasne że trzeba usunąć tylko ręcznie ten wpis ale ja się nie znam i prosze nie brać tego zazłe.

PS: Jestem teraz nie w domu i nie mam jak zamieścić logi po operacji a gdy wróce dzisiaj do domu może się uda zamiścić. W mojej miejscowości jest bardzo zła pogoda i nie mam prądu ale obiecuje że jak tylko dostane prąd to zapodam logi. Więc za opóźnienia prosze się nie wsciekać.
pozdro

**Posty:** 1850 · przez **Tomaszu** 19 Sty 2007, 20:00

Mati92 napisał(a):Jak to się wyłancza??

1) Prawoklik na Moj Komputer, z menu kontekstowego wybierz Wlasciwosci
2) Przejdź na zakladke Przywracanie systemu
3) I zaznacz tam pozycje:
Wylacz Przywracane systemu na wszystkich dyskach
4) Kliknij Zastosuj
5) Uruchom ponownie komputer

**Posty:** 369 · przez **Mati92** 19 Sty 2007, 21:53

oto log z hijacka:

Logfile of HijackThis v1.99.1
Scan saved at 20:43:57, on 2007-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAMY\AVAST\aswUpdSv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRAMY\AVAST\ashServ.exe
D:\PROGRAMY\AVAST\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\AutoConnect\AutoConnect.exe
D:\PROGRAMY\Gadu-Gadu\gg.exe
D:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe
D:\PROGRAMY\AVAST\ashMaiSv.exe
D:\PROGRAMY\AVAST\ashWebSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
D:\PROGRAMY\OPERA\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Chrypek\USTAWI~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\PROGRAMY\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] D:\PROGRAMY\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\PROGRAMY\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3370C877-CA04-474F-9498-C28A9410F520}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{3370C877-CA04-474F-9498-C28A9410F520}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\PROGRAMY\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\PROGRAMY\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\PROGRAMY\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\PROGRAMY\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe

a to z silenta:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AutoConnect" = "D:\PROGRAMY\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
"Gadu-Gadu" = ""D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"avast!" = "D:\PROGRAMY\AVAST\ashDisp.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "D:\PROGRAMY\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{E7E9F57E-2947-40B1-9BBF-0896D19C092F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\PROGRAMY\AVAST\ashShell.dll" ["ALWIL Software"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\PROGRAMY\AVAST\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\PROGRAMY\AVAST\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Chrypek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Chrypek" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""D:\PROGRAMY\AVAST\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\PROGRAMY\AVAST\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\PROGRAMY\AVAST\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\PROGRAMY\AVAST\ashWebSv.exe" /service" ["ALWIL Software"]
StarWind iSCSI Service, StarWindService, "D:\PROGRAMY\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 33 seconds, including 1 second for message boxes)

**Posty:** 1134 · przez **MISTEJK** 19 Sty 2007, 22:28

Pobierz i uruchom narzędzie : The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/wpisy:

O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\~DP6.dll

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z HijackThis + log z Silent Runners.

błędy instalacji

błędy instalacji

Kto jest na forum