"...Guard could not be started" maybe something in the log ...
#1
Hello! Here is my log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 00:42:02, on 2006-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe
C:WINDOWSsystem32Rundll32.exe
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsAdministratorDesktopAVIRAFIXHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:Program FilesFlashGetjccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:Program FilesFlashGetgetflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:Program FilesFlashGetfgiebar.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:Program FilesFlashGetjc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O17 - HKLMSystemCCSServicesTcpip..{AD60A651-6946-43DD-9C3F-6FEF6DA6FDDE}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:WINDOWSsystem32sfrem02.exe
#2
Quote: O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -

Fix these, then post a log from Silent :)
#3
I removed those entries; here is the log from Silent Runners:
Code:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"DAEMON Tools" = ""C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]
"CTSysVol" = "C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r" ["Creative Technology Ltd"]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"UpdReg" = "C:WINDOWSUpdReg.EXE" ["Creative Technology Ltd."]
"avgnt" = ""C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]

HKLMSoftwareMicrosoftActive SetupInstalled Components
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}(Default) = "IE7 Uninstall Stub"
StubPath = "C:WINDOWSsystem32ieudinit.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
InProcServer32(Default) = "C:Program FilesFlashGetjccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
InProcServer32(Default) = "C:Program FilesFlashGetgetflash.dll" [empty string]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:Documents and SettingsAll UsersStart MenuProgramsStartup
"Adobe Reader Speed Launch" -> shortcut to: "C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
InProcServer32(Default) = "C:Program FilesFlashGetfgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binnpjpi150_06.dll" ["Sun Microsystems, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:PROGRA~1FlashGetflashget.exe" ["FlashGet.com"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:Program FilesAntiVir PersonalEdition Classicsched.exe" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 99 seconds.
---------- (total run time: 139 seconds)


I'm starting to doubt that "Guard" can be reactivated. I found a forum where a guy is cursing that he spent 65 euros on some extended version and nobody can help him - and reinstalling Windows is out of the question :(


Mr. Bill (!) came to the rescue: I updated Windows and everything works :D
#4
It's OK :)