mam problem przy włanczaniu

15.07.2010

21:12

[3]

ŁuQciu5253 [ Konsul ]

Kup sobie słownik to ci pomożemy

SysOp [ Generaďż˝ ]

"Włączam" noobie, zapamiętaj sobie chociaż to, bo już nie wspomnę o reszcie.

xardas441 [ Chor��y ]

ojeju co za problem ludzie

xardas441 [ Chor��y ]

tak jak w temacie mam problem przy uruchomieniu i tak uruchamiam kompa i wszystko jest ok aż do puki wpisuje hasło i nagle jest ten dzwienk uruchomienia i jakieś 2 sekundy potem dzwienk błędu i błąd wyświetla się po 10 sekunda od dzwienku i w tym blendzie pisze w nagłówku c:\progra~1\‹61996~1\setup.exe ze tego pliku nie wykrywa czy coś takiego pomocy ok poprawiłem pomożecie plizz

Rezor [ NIN ]

Prawdopodobnie masz przysłowiowego "syfa" na kompie.
Przeskanuj komputer antywirusem, a najlepiej jakims "antytrojanem".

Albo..
Sciągnij to:
odpal i nacisnij scan and save.
Po przeskanowaniu kopiujesz zawartosc notatnika i wklejasz tu na forum lub bezpośrednio na strone
Następnie dajesz "Analizuj", po chwili masz wynik: czerwony znaczek idzie do kasacji.

16.07.2010

17:17

[8]

xardas441 [ Chor��y ]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - ‹18DF081C-E8AD-4283-A596-FA578C2EBDC3› - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEPluginBHO - ‹F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D› - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - ‹32099AAC-C132-4136-9E9A-4E364A424E17› - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ChomikBox] "C:\Program Files\ChomikBox\ChomikBox.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [psysnew] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
O4 - HKCU\..\Run: [Tpp3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - ‹e2e2dd38-d088-4134-82b7-f2ba38496583› - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - ‹e2e2dd38-d088-4134-82b7-f2ba38496583› - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - ‹438755C2-A8BA-11D1-B96B-00A0C90312E1› - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - ‹8C7461EF-2B13-11d2-BE35-3078302C2030› - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5660 bytes



pomożecie a i jeszcze jak klikam alt + ctrl + delete to mi dziwny proces się wswietla o nazwie svchost.exe i tych procesów jest 7

xardas441 [ Chor��y ]

a i to jest link to obrazu tych procesuw a obrazek nazywa się pomocy

mirencjum [ operator kursora ]

Ten svchost.exe jest potrzebny, tak ma być. Ale w logu hijack masz dwa czerwone krzyżyki, No to jeszcze raz zrób to w/g instrukcji:

Ściągnij program z tej strony:



Uruchom i wybierz opcję"scan and save". Zapisze się log, który wklej w okienko na tej stronie:



i naciśnij analiza. Wartości które będą miały X, zaznacz w tym programiku który Ci wygenerował ten log i naciśnij Fix.

xardas441 [ Chor��y ]

HijackThis.de Security
Direct download
To the authors homepage




HijackThis log file analysis
HijackThis opens you a possibility to find and fix nasty entries on your computer easier.
Therefore it will scan special parts in the registry and on your harddisk and compare them with the default settings. If there is some abnormality detected on your computer HijackThis will save them into a logfile. In order to find out what entries are nasty and what are installed by the user, you need some background information.
A logfile is not so easy to analyze. Even for an advanced computer user. With the help of this automatic analyzer you are able to get some additional support. Just paste your complete logfile into the textbox at the bottom of this page.
Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.
Service & Support
HijackThis.de Supportforum Deutsch | English
Forospyware.com (Spanish) www.forospyware.com
Malwarecrypt.com www.malwarecrypt.com
Computerhilfen www.computerhilfen.com

Did you know...?
..., that you can also use the MD5-Hash function of HijackThis in order to get a better analyzing result?

Log file
You can paste a logfile in this textbox

or you can choose a logfile from your computer




Show the visitors ratings


Help us to keep this free service online! Please give us a small donation via PayPal.



A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.

We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
Actions
Entry
Kind
Visitor's assessment
Information

Logfile of Trend Micro HijackThis v2.0.4


This should be the newest version.

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)


This should be the newest version.

Boot mode: Normal


Very safe
This entry was classified from our visitors as good.

C:\WINDOWS\System32\smss.exe


Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\winlogon.exe


Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\services.exe


Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\lsass.exe


Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\nvsvc32.exe


Very safe
Not dangerous, but unnecessary.
This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe


Safe

This entry was classified from our visitors as good.

C:\WINDOWS\System32\svchost.exe


Very safe

This entry was classified from our visitors as good.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


Very safe

Avast Antivirus

C:\WINDOWS\system32\spoolsv.exe


Safe

This entry was classified from our visitors as good.

C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe



Apache webserver

C:\WINDOWS\system32\UAService7.exe


Safe

This entry was classified from our visitors as good.

C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe



Apache webserver

C:\WINDOWS\Explorer.EXE


Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\RTHDCPL.EXE


Very safe

This entry was classified from our visitors as good.

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe


Safe (4.7 / 5.00)

C:\WINDOWS\system32\ctfmon.exe


Very safe

This entry was classified from our visitors as good.

C:\Program Files\Gadu-Gadu 10\gg.exe


Safe

Possibly nasty! According to our database this process runs normally in c:\.*gadu-gadu\! Check if you know this process and arrange a viruscheck where required. GaduGadu communicator

C:\Program Files\Messenger\msmsgs.exe


Safe

This entry was classified from our visitors as good.

C:\Program Files\DAEMON Tools Lite\DTLite.exe


Very safe
Safe (4.27 / 5.00)

C:\Program Files\ChomikBox\ChomikBox.exe


Neutral
This is a unknown process.

C:\Documents and Settings\kaliban\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe


Safe (3.73 / 5.00)

C:\Documents and Settings\kaliban\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe


Safe (3.73 / 5.00)

C:\Documents and Settings\kaliban\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe


Safe (3.73 / 5.00)

C:\Documents and Settings\kaliban\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe


Safe (3.73 / 5.00)

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


Very safe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza


Safe
This entry was classified from our visitors as good.

O2 - BHO: AcroIEHelperStub - ‹18DF081C-E8AD-4283-A596-FA578C2EBDC3› - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll


Safe
Unknown application. This entry was classified from our visitors as good.

O2 - BHO: IEPluginBHO - ‹F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D› - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing)


Neutral (3.16 / 5.00)

O3 - Toolbar: DAEMON Tools Toolbar - ‹32099AAC-C132-4136-9E9A-4E364A424E17› - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll


Safe
Safe (3.65 / 5.00)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet


Safe
This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


Safe
This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


Safe
This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE


Safe
This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Safe
This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [ChomikBox] "C:\Program Files\ChomikBox\ChomikBox.exe" /startup


Very safe
Unknown application.

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


Safe
Not dangerous, but unnecessary. This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


Safe
Safe (4 / 5.00)

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui


Very safe
Safe (4.28 / 5.00)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


Very safe
This entry was classified from our visitors as good.

O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"


Very safe
Not dangerous, but unnecessary. Polish language Instant Messaging client

O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun


Very safe
Safe (4.11 / 5.00)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


Safe
This entry was classified from our visitors as good.

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun


Safe
Safe (4.21 / 5.00)

O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent


Safe
Safe (3.83 / 5.00)

O4 - HKCU\..\Run: [psysnew] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe


Nasty (1.64 / 5.00)

O4 - HKCU\..\Run: [Tpp3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe


Nasty (2.98 / 5.00)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')


Safe
Office related

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')


Safe
Office related

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


Safe
This entry was classified from our visitors as good.

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


Safe
This entry was classified from our visitors as good.

O9 - Extra button: (no name) - ‹e2e2dd38-d088-4134-82b7-f2ba38496583› - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Safe
This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - ‹e2e2dd38-d088-4134-82b7-f2ba38496583› - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Safe
This entry was classified from our visitors as good.

O9 - Extra button: Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe


Safe
This entry was classified from our visitors as good.

O9 - Extra 'Tools' menuitem: Windows Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe


Safe
This entry was classified from our visitors as good.

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - ‹438755C2-A8BA-11D1-B96B-00A0C90312E1› - C:\WINDOWS\system32\browseui.dll


Safe (3.88 / 5.00)

O22 - SharedTaskScheduler: Demon buforu kategorii składników - ‹8C7461EF-2B13-11d2-BE35-3078302C2030› - C:\WINDOWS\system32\browseui.dll


Safe
Safe (3.88 / 5.00)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


Neutral
This service (AvastSvc.exe) was identified as a good one.

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


Very safe
This service (AvastSvc.exe) was identified as a good one.

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


Very safe
This service (AvastSvc.exe) was identified as a good one.

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe


Very safe
Safe (3.82 / 5.00)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


Safe
This service (IDriverT.exe) was identified as a good one.

O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe


Very safe
Safe (4.25 / 5.00)

O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe


This service (Apache.exe) was identified as a good one.

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Very safe
This service (nvsvc32.exe) was identified as a good one.

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


Safe
This service (UAService7.exe) was identified as a good one. This entry was classified from our visitors as good.

xardas441 [ Chor��y ]

i teraz tak jest czy dobrze???

mirencjum [ operator kursora ]

To ty masz usunąć. Przecież napisane jest abyś ten log wkleił w okienko na podanej stronie. Tak wygląda Twój po analizie --->

Wyżej dałem Ci link z instrukcją. Tam masz te zdjęcie z kratkami przy procesach. Zaznaczasz ptaszek przy nazwach gdzie masz czerwone krzyżyki i niżej masz przycisk fix.

xardas441 [ Chor��y ]

dzinki

K4ramba [ Chor��y ]

Dzięki też napisać nie umiesz ? Tylko dzienki i jeszcze niedokładnie ...

17.07.2010

08:27

[16]

xardas441 [ Chor��y ]

sorka za szybko pisałem zgubiłem e

Lukas172_Nomad_ [ Still Alive ]

Za wiele z twoich postów nie zrozumiałem jednak mogę wywnioskować ,że masz jakiegoś trojana,wirusa.

Polecam program Malwarebytes' Anti-Malware powinien wykryć te trojany ->

EDIT.Widzę ,że problem już chyba rozwiązany

P.S. "Dzinki" nawet z "E" w jakimkolwiek miejscu byłoby źle napisane pisze się dzięki.