Problem z wirusami
#1
Mam problem z avirą.
Wykrywa ona wirusy ale ich nie usuwa.
Co mam zrobić?
Odpowiedz
#2
Wklej log na forum, zobaczymy co siedzi.
Odpowiedz
#3
bigmagic napisał(a):Wykrywa ona wirusy ale ich nie usuwa.

Jeśli premium - Overwrite and Delete, jesli normal wtedy dzialasz w trybie awaryjnym Wink


ale dla pewnosci
Seth napisał(a):Wklej log na forum, zobaczymy co siedzi.
Odpowiedz
#4
mój log:


AntiVir PersonalEdition Classic
Report file date: 3 września 200618:05

Scanning for 493800 virus strains and unwanted programs.

Licensed to:AntiVir PersonalEdition Classic
Serial number:0000149996-WURGE-0001
Platform: Windows XP
Windows versionSadDodatek Service Pack 2)[5.1.2600]
Username: User
Computer nameGrinOM

Version informations:
AVSCAN.EXE : 7.0.0.42557096 2006-08-23 21:22:11
AVSCAN.DLL : 7.0.0.42532882006-08-23 21:22:11
LUKE.DLL : 7.0.0.42118824 2006-08-23 21:22:11
LUKERES.DLL: 7.0.0.42256402006-08-23 21:22:11
ANTIVIR0.VDF : 6.35.0.173712642006-08-23 21:22:11
ANTIVIR1.VDF : 6.35.1.12212707842006-08-23 21:22:11
ANTIVIR2.VDF : 6.35.1.175144896 2006-08-23 21:22:11
ANTIVIR3.VDF : 6.35.1.178112642006-08-23 21:22:11
AVEWIN32.DLL : 7.1.1.1118273282006-08-23 21:22:11
AVPREF.DLL : 7.0.0.1 491922006-08-23 21:22:11
AVREP.DLL: 6.35.1.124774184 2006-08-23 21:22:11
AVRPBASE.DLL : 7.0.0.0 21627282006-08-23 21:22:11
AVPACK32.DLL : 7.1.0.1 335912 2006-08-23 21:22:11
AVREG.DLL: 6.31.0.90 276882006-08-23 21:22:11
NETNT.DLL: 6.32.0.06696 2006-08-23 21:22:11
NETNW.DLL: 6.32.0.09768 2006-08-23 21:22:11
RCIMAGE.DLL: 7.0.0.7116425362006-08-23 21:22:12
RCTEXT.DLL : 7.0.0.75778642006-08-23 21:22:12

Configuration settings for the scan:
Jobname: ''%s''.................: Local Hard Disks
Configuration file............: CTonguerogram FilesAntiVir PersonalEdition Classicalldiscs.avp
Boot sectors..................: C,D
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,
Macro heuristic...............: 1
File heuristic................: 2
Primary action................: 8
Secondary action..............: 0

Start of the scan: 3 września 200618:05


The scan over running processes will be started
30 Processes was scanned

Start scanning boot sectors:

Boot sector ''C:''
[NOTE] No virus was found!
Boot sector ''D:''
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 10 files ).


Starting the file scan:

C:pagefile.sys
[WARNING]The file could not be opened!
CGrinocuments and SettingsLocalServiceNTUSER.DAT
[WARNING]The file could not be opened!
CGrinocuments and SettingsLocalServicentuser.dat.LOG
[WARNING]The file could not be opened!
CGrinocuments and SettingsLocalServiceUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat
[WARNING]The file could not be opened!
CGrinocuments and SettingsLocalServiceUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat.LOG
[WARNING]The file could not be opened!
CGrinocuments and SettingsNetworkServiceNTUSER.DAT
[WARNING]The file could not be opened!
CGrinocuments and SettingsNetworkServicentuser.dat.LOG
[WARNING]The file could not be opened!
CGrinocuments and SettingsNetworkServiceUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat
[WARNING]The file could not be opened!
CGrinocuments and SettingsNetworkServiceUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat.LOG
[WARNING]The file could not be opened!
CGrinocuments and SettingsUserNTUSER.DAT
[WARNING]The file could not be opened!
CGrinocuments and SettingsUserntuser.dat.LOG
[WARNING]The file could not be opened!
CGrinocuments and SettingsUserDane aplikacjiMozillaFirefoxProfilesl1wfbnbk.defaultparent.lock
[WARNING]The file could not be opened!
CGrinocuments and SettingsUserDane aplikacjiThunderbirdProfilest8595b7j.defaultmaillocal foldersinbox
[0]Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "eFoxPay CO" <[email protected]>] [Subject: new vacancies] 758.mim
[1]Archive type: MIME
--> file0.html
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/aFoxFraud
--> Mailbox_[From: "Fifth Third Bank" <customerssupport_28756313.c] [Subject: Urgent Security Notice] 870.mim
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.O
[1]Archive type: MIME
--> file0.mim
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.O
[2]Archive type: MIME
--> file1.html
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.G
[WARNING]The file was ignored!
CGrinocuments and SettingsUserDane aplikacjiThunderbirdProfilest8595b7j.defaultmaillocal folderstrash
[0]Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "eFoxPay CO" <[email protected]>] [Subject: new vacancies] 308.mim
[1]Archive type: MIME
--> file0.html
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/aFoxFraud
--> Mailbox_[From: "Fifth Third Bank" <customerssupport_28756313.c] [Subject: Urgent Security Notice] 408.mim
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.O
[1]Archive type: MIME
--> file0.mim
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.O
[2]Archive type: MIME
--> file1.html
[DETECTION]Enthält Signatur der Phish-Datei/Email PHISH/53Bkfraud.G
[WARNING]The file was ignored!
CGrinocuments and SettingsUserUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat
[WARNING]The file could not be opened!
CGrinocuments and SettingsUserUstawienia lokalneDane aplikacjiMicrosoftWindowsUsrClass.dat.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32CatRoot2edb.log
[WARNING]The file could not be opened!
C:WINDOWSsystem32CatRoot2tmp.edb
[WARNING]The file could not be opened!
C:WINDOWSsystem32configdefault
[WARNING]The file could not be opened!
C:WINDOWSsystem32configdefault.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32configSAM
[WARNING]The file could not be opened!
C:WINDOWSsystem32configSAM.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32configSECURITY
[WARNING]The file could not be opened!
C:WINDOWSsystem32configSECURITY.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32configsoftware
[WARNING]The file could not be opened!
C:WINDOWSsystem32configsoftware.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32configsystem
[WARNING]The file could not be opened!
C:WINDOWSsystem32configsystem.LOG
[WARNING]The file could not be opened!
C:WINDOWSsystem32driversatapi.sys
[WARNING]The file could not be opened!
C:WINDOWSTempZLT03a5b.TMP
[WARNING]The file could not be opened!
C:WINDOWSTempZLT049c8.TMP
[WARNING]The file could not be opened!
D:WpeProPermEdit.exe
[DETECTION]File has been compressed with an unusual runtime compression tool (PCK/MEW). Please verify the origin of the file
[INFO] The file was moved to ''456d0639.qua''!
D:WpeProWPE by elektro255.exe
[DETECTION]File has been compressed with an unusual runtime compression tool (PCK/MEW). Please verify the origin of the file
[INFO] The file was moved to ''45400624.qua''!


End of the scan: 3 września 200618:41
Used time: 36:13 min

The scan has been done completely.

5207 Scanning directories
196624 Files were scanned
10 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
4501 Archives were scanned
31 Warnings
1 Notes
Odpowiedz
#5
wklej dodatkowo dwa logi z tego tematu:

hijack this oraz silent runners

[Aby zobaczyć linki, zarejestruj się tutaj]

Odpowiedz
#6
hijack this
Kod:
Logfile of HijackThis v1.99.1
Scan saved at 19:39:51, on 2006-09-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
C:PROGRA~1MOZILL~1FIREFOX.EXE
D:HijackThis.exe
C:WINDOWSSystem32WScript.exe
C:WINDOWSSystem32WScript.exe
C:WINDOWSSystem32WScript.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 - HKLMSystemCCSServicesTcpip..{0E1D641B-4B38-40E8-90C5-0F94150388AA}: NameServer = 213.241.79.37 195.114.181.130
O17 - HKLMSystemCCSServicesTcpip..{7558D2AC-9EAA-40CE-802A-068D4749A489}: NameServer = 164.204.152.34,194.204.159.1
O17 - HKLMSystemCS1ServicesTcpip..{0E1D641B-4B38-40E8-90C5-0F94150388AA}: NameServer = 213.241.79.37 195.114.181.130
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - Unknown owner - C:WINDOWSsystem32svchost.exe
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - Unknown owner - C:WINDOWSSystem32svchost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe

silent runners
Kod:
"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Zone Labs Client" = ""C:Program FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = "C:Program FilesJavajre1.5.0_06binjusched.exe" ["Sun Microsystems, Inc."]
"avgnt" = ""C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binssv.dll" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
Odpowiedz
#7
lod silent runners jest urwany,prosze poczekac do konca ,dostaniesz komunikat


dodatkowo ustal ktore to sa twoje DNS`y:

Cytat: O17 - HKLMSystemCCSServicesTcpip..{0E1D641B-4B38-40E8-90C5-0F94150388AA}: NameServer = 213.241.79.37 195.114.181.130
O17 - HKLMSystemCCSServicesTcpip..{7558D2AC-9EAA-40CE-802A-068D4749A489}: NameServer = 164.204.152.34,194.204.159.1
Odpowiedz
#8
był komunikat przy silent runners a co do dns to niewiem o co chodzi.
Zawsze używałem antywirusów a nie skanerów.
Odpowiedz
#9
log z silent runners musi zakonczyc sie +++++ przeskanuj i wklej raz jeszcze Smile
Odpowiedz
#10
Kod:
"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Zone Labs Client" = ""C:Program FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = "C:Program FilesJavajre1.5.0_06binjusched.exe" ["Sun Microsystems, Inc."]
"avgnt" = ""C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min" ["Avira GmbH"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binssv.dll" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
InProcServer32(Default) = "C:WINDOWSsystem32browseui.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
INFECTION WARNING! AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsUserDane aplikacjiIrfanViewIrfanView_Wallpaper.bmp"


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "C:Program FilesUlead SystemsUlead Photo Express 4.0 SECalCheck.exe" ["Ulead Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
InProcServer32(Default) = "C:Program FilesCanonEasy-WebPrintToolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_06binnpjpi150_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:Program FilesAntiVir PersonalEdition Classicavguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:Program FilesAntiVir PersonalEdition Classicsched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
Canon BJ Language Monitor PIXMA iP1000Driver = "CNMLM6e.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 21 seconds, including 4 seconds for message boxes)

o to chodzi?
Odpowiedz
#11
Logi masz czyste jeden i drugi...


Dla pewnosci jeszcze ,czy mozesz przeskanowac system :

[Aby zobaczyć linki, zarejestruj się tutaj]

i wkleic wynik na forum,bo wychodzi na to ze avirka daje ci błedne komunikaty,wstepnie Smile
Odpowiedz
#12
Kasperski nic niewykrył
O co chodzi z tą avirą?
Ale mimo tego i tak coś musiało być bo mi ładnie kompa przymulało tyle tylko, że niewiem dlaczego przeszło samo.
Odpowiedz
#13
avira>>AntiVir

A jesli przeszło samo ,to bardzo się cieszęSmile
Odpowiedz


Skocz do:


Użytkownicy przeglądający ten wątek: 1 gości