
Windows script host-problem

Posted: Sat 22 Nov, 2008 19:32
by Trombel
For a few days now I have been getting this warning:

"A program can't display a massage on your desktop"

I don't know what's going on or what is missing there. How do I fix it? Does anyone know?

Posted: Sat 22 Nov, 2008 21:32
by Scofield
You need to give more details, man :)

Various programs can cause an error like this on Windows. Write what software you have - this error is often caused by HP drivers or the PDFCreator program, or some other program that uses Windows scripts.

Also check the computer with "hijackthis" - maybe you have some pest.

Give more details and I'll help.

Regards

Posted: Sat 22 Nov, 2008 21:59
by Trombel
I have Windows Vista (unfortunately). Here is the whole message:

Show me the message - when I click it, everything disappears and the whole screen turns light blue. It pops up that it can't show me the message and that something is incompatible with Windows.

Message title:Windows Script Host
Program Path: C:\Windows\System32\ wscript.exe
This problem happens because of partial incompatibiliti with Windows

I scanned with Panda (full version) and it detected nothing. Tomorrow I'll try what you recommended. Thanks

Posted: Wed 26 Nov, 2008 15:55
by Vodun
You have an infection from a USB flash drive.
It is a script worm that uses VBS files.

1. Download ComboFix

2. Paste into Notepad:

CODE
File::
C:\`.vbs

Folder::
C:\Deckard

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"explorer"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be82d8f6-28bf-11dd-bbeb-0060b343e591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbff5d46-25c3-11dd-bbe3-0060b343e591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0bbedad-7572-11dc-b9f0-0060b343e591}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb0070b6-d7ca-11dc-bb0c-0060b343e591}]



File >>> save it under the name CFScript.txt and then drag and drop it onto the ComboFix icon like this:
Image
3. Post the ComboFix log.

Then I'll tell you what's next

[ Added: Wed 26 Nov, 2008 15:59 ]
If you don't know how to add a ComboFix log, read this http://peb.pl/logi-do-sprawdzenia/10056 ... -opis.html

Posted: Wed 26 Nov, 2008 20:15
by rebelradiator

Posted: Wed 26 Nov, 2008 21:55
by Trombel
It's a serious matter, I see. I'll think some more about what to do about it. I haven't had the system reinstalled for almost a year, so maybe it's time to clean up. Thanks for the info.

Posted: Thu 27 Nov, 2008 16:44
by Vodun
I'll think about what to do with it ::aplauz People want to help and you go for a format. Remember, a format is a last resort. I go 3 years without doing one and the computer runs fast. Do as I wrote

Posted: Thu 27 Nov, 2008 20:25
by Trombel
Some people advise doing a format every two to three months...
But ok, I'll do that. I'm only just learning, so I prefer to be careful. I'll let you know how it went. Thanks

Posted: Thu 27 Nov, 2008 23:32
by Scofield
Trombel wrote: Some people advise doing a format every two to three months...
But ok, I'll do that. I'm only just learning, so I prefer to be careful. I'll let you know how it went. Thanks


It all depends on the person - on how one uses the system. Some could do with a format every week :D and for some 5 years is enough :) As with everything - it's enough to take proper care of it. An operating system is a living organism; it sometimes needs fresh vitamins (patches), a bit of breathing room (disk defrag), deworming (you know :P), and shedding unnecessary kilos (uninstalling unneeded applications) :D

Posted: Fri 28 Nov, 2008 15:46
by Vodun
::aplauz ::aplauz Very good answer

Posted: Fri 28 Nov, 2008 18:17
by Trombel
Exactly, it depends on how well one knows this stuff, and I know little :( ComboFix generated a log for me. What next?

Posted: Fri 28 Nov, 2008 19:01
by Vodun
You have everything written in the 1st post, do as it says there

Posted: Sat 29 Nov, 2008 16:06
by Trombel
Ok, done. Do I have to do something with this log? After that I also used Flash Desinfector. The computer works ok, the strange messages disappeared.

Posted: Mon 01 Dec, 2008 13:28
by Vodun
Paste the log here because that may not be everything

Posted: Mon 01 Dec, 2008 18:21
by Trombel
Code: Select all
ComboFix 08-11-27.03 - Tomasz 2008-11-28 19:19:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.174 [GMT 0:00]
Running from: c:\users\Tomasz\Desktop\ComboFix.exe
Command switches used :: c:\users\Tomasz\Desktop\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-10-28 to 2008-11-28  )))))))))))))))))))))))))))))))
.

2008-11-28 17:43 . 2008-11-28 17:43   <DIR>   d--------   c:\program files\Trend Micro
2008-11-27 12:46 . 2008-11-27 12:46   0   --a------   c:\windows\System32\Ä_Ä_
2008-11-27 10:27 . 2008-11-27 10:27   161,762,335   --a------   c:\windows\MEMORY.DMP
2008-11-26 21:54 . 2008-10-21 05:25   1,645,568   --a------   c:\windows\System32\connect.dll
2008-11-26 21:08 . 2008-11-26 21:08   0   --a------   c:\windows\System32\ÄTÄT
2008-11-26 20:46 . 2008-10-22 03:57   241,152   --a------   c:\windows\System32\PortableDeviceApi.dll
2008-11-26 20:45 . 2008-08-28 03:40   712,704   --a------   c:\windows\System32\WindowsCodecs.dll
2008-11-26 20:45 . 2008-08-28 03:40   425,472   --a------   c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 20:45 . 2008-08-28 03:40   347,136   --a------   c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 16:52 . 2008-11-26 16:52   0   --a------   c:\windows\System32\ÄVÄV
2008-11-23 15:32 . 2008-11-23 15:32   0   --a------   c:\windows\System32\Ä(Ä(
2008-11-20 21:09 . 2008-01-02 16:33   172,032   --a------   c:\windows\System32\igfxres.dll
2008-11-20 11:36 . 2008-11-20 11:37   <DIR>   d--------   c:\users\Tomasz\{02b40ffc-2c62-4a06-8e05-d10f405e77e9}
2008-11-19 17:27 . 2008-11-19 17:28   <DIR>   d--------   c:\program files\LimeWire
2008-11-14 15:07 . 2008-11-14 15:07   0   --a------   c:\windows\System32\ÄOÄO
2008-11-12 16:57 . 2008-09-10 03:40   1,334,272   --a------   c:\windows\System32\msxml6.dll
2008-11-12 16:56 . 2008-08-27 01:05   212,480   --a------   c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 16:51 . 2008-09-05 05:14   1,191,936   --a------   c:\windows\System32\msxml3.dll
2008-11-11 18:48 . 2008-11-11 18:48   0   --a------   c:\windows\System32\Ä$Ä$
2008-11-07 15:49 . 2008-10-16 21:13   1,809,944   --a------   c:\windows\System32\wuaueng.dll
2008-11-07 15:49 . 2008-10-16 20:56   1,524,736   --a------   c:\windows\System32\wucltux.dll
2008-11-07 15:49 . 2008-10-16 21:09   51,224   --a------   c:\windows\System32\wuauclt.exe
2008-11-07 15:49 . 2008-10-16 21:09   43,544   --a------   c:\windows\System32\wups2.dll
2008-11-07 15:48 . 2008-10-16 21:12   561,688   --a------   c:\windows\System32\wuapi.dll
2008-11-07 15:48 . 2008-10-16 20:55   83,456   --a------   c:\windows\System32\wudriver.dll
2008-11-07 15:48 . 2008-10-16 21:08   34,328   --a------   c:\windows\System32\wups.dll
2008-11-07 15:47 . 2008-10-16 14:08   162,064   --a------   c:\windows\System32\wuwebv.dll
2008-11-07 15:47 . 2008-10-16 13:56   31,232   --a------   c:\windows\System32\wuapp.exe
2008-11-06 17:29 . 2008-11-07 16:19   921,624   --a------   C:\img2-001.raw
2008-11-06 16:59 . 2008-11-06 17:01   <DIR>   d--------   c:\program files\Microsoft LifeCam
2008-11-06 09:24 . 2008-11-20 21:08   16,068   --a------   c:\windows\System32\results.xml
2008-11-05 20:34 . 2008-11-05 20:34   <DIR>   d--------   c:\windows\System32\Lang
2008-11-05 20:34 . 2008-02-16 10:26   920,088   --a------   c:\windows\System32\igxpun.exe
2008-11-05 14:48 . 2008-11-05 21:56   510   --a------   c:\windows\WORDPAD.INI
2008-11-05 13:52 . 2008-11-05 13:52   0   --a------   c:\windows\System32\ÄzÄz
2008-11-05 08:30 . 2008-11-05 08:30   0   --a------   c:\windows\System32\Ä=Ä=
2008-11-03 17:52 . 2008-11-03 17:52   0   --a------   c:\windows\System32\Ä6Ä6
2008-11-03 09:10 . 2008-11-03 09:10   0   --a------   c:\windows\System32\Ä8Ä8
2008-11-02 14:00 . 2008-11-02 14:00   0   --a------   c:\windows\System32\Ä#Ä#
2008-11-01 20:45 . 2004-02-05 21:53   389,120   --a------   c:\windows\System32\actskn43.ocx
2008-11-01 20:45 . 2004-01-08 02:43   253,952   --a------   c:\windows\System32\histogram.ocx
2008-11-01 20:45 . 2004-01-09 11:54   188,416   --a------   c:\windows\System32\actsplash.ocx
2008-11-01 20:45 . 2000-07-15 00:00   118,784   --a------   c:\windows\System32\MSSTDFMT.DLL
2008-11-01 20:45 . 2000-07-15 06:00   101,888   --a------   c:\windows\System32\VB6STKIT.DLL
2008-10-29 18:17 . 2008-08-05 09:49   428,544   --a------   c:\windows\System32\EncDec.dll
2008-10-29 18:17 . 2008-08-05 09:48   217,088   --a------   c:\windows\System32\psisrndr.ax
2008-10-29 18:17 . 2008-08-05 09:48   177,664   --a------   c:\windows\System32\mpg2splt.ax
2008-10-29 18:17 . 2008-08-05 09:48   80,896   --a------   c:\windows\System32\MSNP.ax
2008-10-29 18:16 . 2008-08-05 09:49   293,376   --a------   c:\windows\System32\psisdecd.dll
2008-10-29 16:37 . 2008-08-12 03:39   443,392   --a------   c:\windows\System32\win32spl.dll
2008-10-29 16:37 . 2008-09-18 04:56   147,456   --a------   c:\windows\System32\Faultrep.dll
2008-10-29 16:37 . 2008-09-18 04:56   125,952   --a------   c:\windows\System32\wersvc.dll
2008-10-28 15:23 . 2008-10-28 15:23   0   --a------   c:\windows\System32\ÄIÄI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 19:15   1,244   ----a-w   c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-28 19:15   1,244   ----a-w   c:\windows\system32\drivers\APPFLTR.CFG
2008-11-28 18:46   256,032   ----a-w   c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-28 18:46   256,032   ----a-w   c:\windows\system32\drivers\APPFCONT.DAT
2008-11-27 20:27   ---------   d-----w   c:\users\Tomasz\AppData\Roaming\Skype
2008-11-27 20:26   ---------   d-----w   c:\users\Tomasz\AppData\Roaming\skypePM
2008-11-27 13:12   ---------   d-----w   c:\users\Tomasz\AppData\Roaming\LimeWire
2008-11-22 19:20   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-17 07:23   ---------   d-----w   c:\program files\Windows Mail
2008-10-09 22:34   2,560   ----a-w   c:\windows\_MSRSTRT.EXE
2008-10-08 21:33   ---------   d-----w   c:\program files\AOL 9.0 VR
2008-10-07 11:32   ---------   d-----w   c:\programdata\HPSSUPPLY
2008-09-30 17:50   ---------   d-----w   c:\program files\Skype
2008-09-30 17:49   ---------   d-----w   c:\programdata\Skype
2008-09-30 17:49   ---------   d-----w   c:\program files\Common Files\Skype
2008-09-04 09:12   174   --sha-w   c:\program files\desktop.ini
2007-11-28 17:53   32   ----a-w   c:\users\All Users\ezsid.dat
2007-11-28 17:53   32   ----a-w   c:\programdata\ezsid.dat
2008-08-05 10:54   16,384   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-05 10:54   32,768   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-05 10:54   16,384   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-11-28_18.09.56.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-28 17:30:50   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-28 18:48:43   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-28 17:30:50   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-28 18:48:43   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-28 17:30:50   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-28 18:48:43   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-18 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-09 77824]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-09 1862144]
"HostManager"="c:\program files\Common Files\AOL\1191968599\ee\AOLSoftware.exe" [2006-11-14 50736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-07-19 455984]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 c:\windows\sttray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-09 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-09 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3504846565-2921440528-1118049048-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{59D2C6EF-84E2-446A-ADD1-A726E9583F10}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{B227B677-9621-49EB-AC68-AB075A669DDD}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{8FC95AAE-2855-4C09-BBA8-08849AF440C5}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A5A18A79-5B43-48F6-AB20-C99FC9A8A7E1}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{FD0E3F62-1E21-4AFB-9782-9E4064A9232B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4D566484-C06B-4573-924A-6F4E7FD906B5}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{DC034218-B847-4A5D-BC8C-A471EE3C337F}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{6D811071-62E5-4922-B7B9-E9576D8D1B9D}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{A9D10C32-4542-43C2-BE8B-32104853094A}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{FB64352C-3942-4A4E-85E7-F2CC0DE5812E}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{F781062D-690E-4A57-A234-569B5FB00E29}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{DED1E519-2372-48EE-A6A0-4C802BA9116B}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{A7023FF6-7C03-4772-BAFC-D2EBEEB49222}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{FF628431-E870-479C-AAD8-04AB3FC053FE}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{5507E42F-2407-405F-8CD9-D86ABAA516B8}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{07A75988-4F89-4D5B-920E-C76D84B3B15B}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{ED2414C6-038C-454C-A225-B3E1DE0B7F93}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{535FB303-4A4B-40E8-84C9-A366E3C90B18}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{CF8A103E-E2DD-41EB-BC7E-839DC3ECA86E}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"TCP Query User{90547FE4-E129-4FF5-BD64-18E6CC6A95F9}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{526C889F-086C-45FE-8AD3-69ABADC8ADF8}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"{CA171ACC-BF33-4EF0-8AFA-24B879FE02AA}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{BCD26D36-CB11-47B0-8223-C9B541FD0AE4}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{CFFEB6BC-7A31-486D-A22E-F0A4211A6503}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{94CC1115-0F18-4A1B-930B-BD40063722F5}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{ACA17D86-9DFF-477E-9B94-98A21E42DDF9}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{60EC444E-C9A6-42A9-AB3F-2D2CF47D1B08}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2390DDAB-0063-49E5-B174-C9EF2CFF73E4}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{25252A19-05D3-4E4C-A84A-AA814343EEE1}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4A40DCB0-F748-4272-A7AA-F3AAD9009FDF}"= UDP:c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"{4193ACFC-DE14-4325-ACA3-523A41EFE45F}"= TCP:c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount
"TCP Query User{59558FE5-4AB6-4346-A147-499C710216CB}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{59F75769-AC74-4CFE-B2A0-4CA1BE48012D}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{BF6CCA41-C443-4159-BF97-80F7FF6F6ADA}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D7A53BF4-3C5E-4C44-89C6-7A6320A4ED56}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{B0E643E1-F5E9-463D-A80D-7D84DB95360C}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{8118DEDB-43A6-4C9C-B1E4-43AF6FE11A22}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{19BBF1C0-BB28-4A69-B71F-5E9AC2340E17}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{21270902-EEC8-4A6A-8B6D-396F24D03B1B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EF246996-C7AB-45C1-8E42-000F43B63738}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C9358BBA-3101-4310-91E8-C582A4B30028}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{C2A9867D-7DF3-47A3-A293-151533AE934F}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{77E89DEB-52C4-4706-825E-FC5121ADCA4F}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"{2F6F8F84-09B3-47F9-A683-E1F900B25BC4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{BED3B46E-4A77-4D13-9DF0-2AEF4553652F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{AF8237A3-B3D0-40B8-A831-D71B032B2B5A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{63C9B7EE-27A3-4B49-BDF1-FC5E639B7990}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{34847805-AB67-4C84-82FA-8580381755BF}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{44928851-D4BD-4826-B375-8D242F56734F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{2F78D131-CCE2-4ABE-8369-D0862AA20E20}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{D31281F0-4B2D-4625-8C24-B4A7C4B1B093}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{2D55D1C1-1A07-4409-BC85-28F7225852D9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{3AEAF983-B6A5-4C8A-8490-06336701C9BF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{810924DD-1AD3-4512-9E2F-16AB8E8FAA2D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E8F5E5C3-D79E-4FF7-9C2B-00D2D7E44B32}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{10AEFB5C-D6F9-4ACC-B413-B3252CBA6E1A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7B1F0C6B-B5DC-4468-9B60-019B3B4A1E10}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{0AE4951E-ED33-4CED-A75C-D6B9A3B6EA6F}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{0A8A9B5F-19F4-4057-8779-D71E0796E66A}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{E0F38AD8-9020-41FD-A3E5-EF451A81410B}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-19 28544]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2008-07-19 71736]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2008-07-19 51256]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2008-07-19 22072]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2008-07-19 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-19 15:03:58 132920]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-07-19 38456]
R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\Drivers\SMSFLT.SYS [2008-07-19 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2008-07-19 30648]
R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2008-07-19 46904]
R2 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys [2008-07-19 13880]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2008-07-19 24760]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-07-19 178872]
R2 PskSvcRetail;Panda PSK service;"c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe" [2008-07-19 27696]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2008-07-19 142128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26c8faab-9c90-11dd-8e07-001c2394e578}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:24:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-28 19:26:22
ComboFix-quarantined-files.txt  2008-11-28 19:26:14

Pre-Run: 27,109,060,608 bytes free
Post-Run: 26,969,677,824 bytes free

249   --- E O F ---   2008-11-27 09:00:25
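
An added example, not part of the original thread or of ComboFix: a small Python triage pass over a ComboFix log like the one posted above. It flags what a helper would check after a USB script-worm cleanup: leftover MountPoints2 AutoRun commands, UAC and Windows Firewall switched off, and zero-byte files with non-ASCII names in System32. The function name `triage` and the finding labels are assumptions made for this illustration; the sample lines are copied from the log in the thread.

```python
import re

# Lines copied from the ComboFix log posted in the thread (a short excerpt).
SAMPLE_LOG = r"""
2008-11-27 12:46 . 2008-11-27 12:46   0   --a------   c:\windows\System32\Ä_Ä_
2008-11-26 21:54 . 2008-10-21 05:25   1,645,568   --a------   c:\windows\System32\connect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26c8faab-9c90-11dd-8e07-001c2394e578}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<num>\d+) \(0x[0-9a-fA-F]+\)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)


def triage(log_text):
    """Return (finding, detail) tuples for entries worth a manual look."""
    findings = []
    key = ""  # registry key that the current value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = ""  # a blank line ends a registry block in the log
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        key_l = key.lower()
        m = FILE_RE.match(line)
        if m:
            # "Files Created" section: created . modified, size, attrs, path
            folder, _, name = m.group("path").rpartition("\\")
            if (m.group("size") == "0" and folder.lower().endswith("system32")
                    and not name.isascii()):
                findings.append(("zero-byte-odd-name", m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m and int(m.group("num")) == 0:
            name = m.group("name")
            if key_l.endswith(r"\policies\system") and name == "EnableLUA":
                findings.append(("uac-disabled", name))
            elif "\\firewallpolicy\\" in key_l and name == "EnableFirewall":
                # detail is the firewall profile, the last key component
                findings.append(("firewall-disabled", key.rpartition("\\")[2]))
            continue
        m = AUTORUN_RE.match(line)
        if m and "\\mountpoints2\\" in key_l:
            # cached per-volume AutoRun command, the entry type the CFScript deletes
            findings.append(("autorun-command", m.group("cmd")))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:20} {detail}")
```

A hit is a prompt to look, not a verdict: each flagged entry still has to be judged against what is actually installed and plugged into the machine.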