Bezradny
(Wiceps)
7 Grudzień 2007 22:04
#1
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:00:26, on 2007-12-07 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Valve\Steam\Steam.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [steam] “C:\Program Files\Valve\Steam\Steam.exe” -silent O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe – End of file - 5998 bytes
Ps. Czy mógłbyś mi powiedzieć do czego są wszystkie pliki? Co odinstalować by przyspieszyć pracę komputera?
Złączono Posta : 08.12.2007 (Sob) 12:59
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50:10, on 2007-12-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Valve\Steam\Steam.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\eMule\emule.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\WINDOWS\System32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Tibia\Tibia.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\system32\ftp.exe C:\WINDOWS\System32\cmd.exe C:\Program Files\Tibia\tibiaauto.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [steam] “C:\Program Files\Valve\Steam\Steam.exe” -silent O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe – End of file - 6028 bytes
Avast nie może usunąć 2 wirusów.
Gutek
(Gutek)
8 Grudzień 2007 16:16
#2
Bezradny
(Wiceps)
8 Grudzień 2007 18:26
#3
Nie udało mi się zrobić całej optymalizacji Windowsa , bo często zacinał się komputer. Restartowałem około 20 razy komputer…
Nie udało mi się zrobić skana ComboFixem bo był błąd i się zrestartował komputer…
Log Hijacthis
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:23:03, on 2007-12-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\System\MSWVR32.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\unsecapp.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [combofix] “C:\WINDOWS\system32\cmd.exe” /c “cd /d C:\ComboFix\ & Combobatch.bat” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Microsoft Windows Video Driver - Unknown owner - C:\Program Files\Common Files\System\MSWVR32.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe – End of file - 6068 bytes
Gutek
(Gutek)
8 Grudzień 2007 18:46
#4
Usuń linki z podpisu są niezgodne z regulaminem
Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz te wpisy.
Panel sterowania >>> Java Plug-in >>> Update >>> odptaszkuj Check for updates automatically
XP-Antispy odinstaluj messengera, zaznacz opcję w ustawieniach.
Bezradny
(Wiceps)
8 Grudzień 2007 18:56
#5
Zaraz to zrobie.
Jedno pytanie.
Nie działa mi nieraz crtl+alt+delete , msconfig ,cmd…
Muszę wtedy restartować komputer…
I jeszcze jedno. Jak odinstalować takie coś , kiedyś instalowałem botscren ,jak się włącza komputer to inny wygląd ale go nie ma. I muszę czekać 30sekund lub nacisnąć Enter…
Nie mogłem nacisnąć przycisku Włącz ponownie komputer tylko musiałem resetować naciskając przycisk.
Złączono Posta : 08.12.2007 (Sob) 20:05
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:07, on 2007-12-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\System\MSWVR32.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\xp-AntiSpy\xp-AntiSpy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Microsoft Windows Video Driver - Unknown owner - C:\Program Files\Common Files\System\MSWVR32.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe – End of file - 5445 bytes
Złączono Posta : 08.12.2007 (Sob) 20:06
Możesz mi powiedzieć co odinstalować zbędnego by poprawić w 100% system?
Złączono Posta : 08.12.2007 (Sob) 21:59
Co to jest?!
Gutek
(Gutek)
8 Grudzień 2007 21:16
#6
Użyj ATF-Cleaner i przeczyść TEMP
Odinstaluj Spyware Doctor
Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580
Daj log z ComboFix
Bezradny
(Wiceps)
9 Grudzień 2007 13:29
#7
ComboFix szwankuje. Daje loga z innego
Deckard’s System Scanner v20071014.68 Run by Piotrek on 2007-12-09 14:08:36 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created a Deckard’s System Scanner Restore Point. – Last 5 Restore Point(s) – 18: 2007-12-09 13:09:57 UTC - RP28 - Deckard’s System Scanner Restore Point 17: 2007-12-09 13:04:09 UTC - RP27 - ComboFix created restore point 16: 2007-12-08 18:19:08 UTC - RP26 - ComboFix created restore point 15: 2007-12-08 11:10:54 UTC - RP25 - Software Distribution Service 3.0 14: 2007-12-07 22:27:55 UTC - RP24 - Removed ActivePerl 5.8.8 Build 820 – First Restore Point – 1: 2007-11-10 13:46:59 UTC - RP11 - Installed Borland Delphi 7 Backed up registry hives. Performed disk cleanup. – HijackThis (run as Piotrek.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:10, on 2007-12-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\System\MSWVR32.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Piotrek\Pulpit\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Piotrek.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Microsoft Windows Video Driver - Unknown owner - C:\Program Files\Common Files\System\MSWVR32.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe – End of file - 5436 bytes – HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) ----------- backup-20070921-161655-616 O4 - HKLM…\Run: [tibia.exe] C:\Windows\system32\tibia.exe.exe backup-20070921-161655-699 O4 - HKLM…\Run: [gg.exe] C:\Windows\system32\gg.exe.exe – File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .js - EdHTMLFile_2 - DefaultIcon - C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe,2 .js - EdHTMLFile_2 - shell\open\command - “C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe” “%1” – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R2 atksgt - c:\windows\system32\drivers\atksgt.sys R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys R3 catchme - c:\docume~1\piotrek\ustawi~1\temp\catchme.sys (file missing) R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys R3 SASENUM - c:\program files\superantispyware\sasenum.sys R3 SER120 (OTI Serial port driver) - c:\windows\system32\drivers\ser120.sys S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Microsoft Windows Video Driver - “c:\program files\common files\system\mswvr32.exe” S2 Apache - “c:\program files\apache group\apache\apache.exe” --ntservice (file missing) – Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Kontroler Uniwersalnej magistrali szeregowej (USB) Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_50041458&REV_A3\3&2411E6FE&0&11 Manufacturer: Name: Kontroler Uniwersalnej magistrali szeregowej (USB) PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_50041458&REV_A3\3&2411E6FE&0&11 Service: – Files created between 2007-11-09 and 2007-12-09 ----------------------------- 2007-12-09 11:43:06 720896 --a------ C:\WINDOWS\iun6002.exe 2007-12-09 11:43:06 0 d-------- C:\Program Files\TuneXP 2007-12-09 11:37:49 0 d-------- C:\Program Files\Microsoft Bootvis 2007-12-08 23:34:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-08 20:44:55 36573 --a------ C:\WINDOWS\System32\kk.exe 2007-12-08 20:04:20 0 d-------- C:\Program Files\xp-AntiSpy 2007-12-08 19:42:08 36573 --a------ C:\WINDOWS\System32\av.exe 2007-12-08 19:41:59 36573 --a------ C:\WINDOWS\System32\mg.exe 2007-12-08 18:53:54 25992 --a------ C:\WINDOWS\System32\pgdfgsvc.exe http://www.sysinternals.com ; Page File Defragmenter> 2007-12-08 17:59:12 0 d-------- C:\Program Files\Odkurzacz 2007-12-08 17:53:38 36573 --a------ C:\WINDOWS\System32\lk.exe 2007-12-08 17:53:31 36573 --a------ C:\WINDOWS\System32\bv.exe 2007-12-08 17:24:35 23 --ahs---- C:\WINDOWS\System32\ccddc1_r.dll 2007-12-08 17:24:31 0 d-------- C:\Program Files\jv16 PowerTools 2007 2007-12-08 17:17:55 36573 --a------ C:\WINDOWS\System32\hc.exe 2007-12-08 14:44:50 0 d-------- C:\Program Files\RegCleaner 2007-12-08 13:41:53 0 --a------ C:\WINDOWS\System32\kc.exe 2007-12-08 12:30:48 36573 --a------ C:\WINDOWS\System32\xc.exe 2007-12-07 22:53:16 0 d-------- C:\Program Files\BearShare Applications 2007-12-07 20:55:19 0 d-------- C:\Program Files\iMesh Applications 2007-12-06 16:03:46 0 d-------- C:\Program Files\Valve 2007-12-05 18:56:02 0 d-------- C:\Program Files\Eidos Interactive 2007-12-05 18:31:58 0 d-------- C:\Program Files\capcom 2007-12-05 18:16:56 0 d-------- C:\ATI 2007-12-05 18:02:55 0 d-------- C:\Program Files\Computer-Expert Group 2007-12-04 19:59:07 0 d-------- C:\Program Files\Deutsch Translator 2 2007-12-04 19:44:57 0 d-------- C:\Program Files\English Translator 3 2007-11-30 10:29:43 38 --a------ C:\WINDOWS\System32\net32gdilib.dll 2007-11-30 10:29:43 0 d-------- C:\Program Files\J River 2007-11-23 17:48:07 0 d-------- C:\Program Files\LANChat Pro 2007-11-22 16:46:06 32 --a------ C:\WINDOWS\hip 2007-11-21 20:08:40 47360 --a------ C:\WINDOWS\System32\drivers\pcouffin.sys 2007-11-10 21:40:30 0 d-------- C:\Program Files\HHD Software 2007-11-10 14:47:05 0 d-------- C:\Program Files\Borland 2007-11-10 14:23:39 0 d-------- C:\lazarus – Find3M Report --------------------------------------------------------------- 2007-12-09 14:04:44 0 --a------ C:\WINDOWS\nircmd.exe 2007-12-08 23:49:19 0 d-------- C:\Program Files\eMule 2007-12-08 23:36:48 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-12-08 23:34:33 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\SUPERAntiSpyware.com 2007-12-08 23:34:17 0 d-------- C:\Program Files\Common Files 2007-12-08 22:24:25 0 d-------- C:\Program Files\Cell Phone Manager 2007-12-08 20:04:46 0 d-------- C:\Program Files\Messenger 2007-12-08 18:19:43 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Grisoft 2007-12-08 10:56:24 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-12-08 10:53:30 0 d-------- C:\Program Files\CyberLink 2007-12-08 10:23:24 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Dev-Cpp 2007-12-08 10:09:48 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\SmartCom 2007-12-08 09:56:49 0 d-------- C:\Program Files\Winamp 2007-12-08 09:53:47 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\CyberLink 2007-12-07 23:16:12 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Lavasoft 2007-12-07 14:50:20 0 d-------- C:\Program Files\Tibia 2007-11-30 10:29:21 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\J River 2007-11-25 13:45:42 10 --a------ C:\WINDOWS\popcinfo.dat 2007-11-24 08:35:57 458008 --a------ C:\WINDOWS\System32\perfh015.dat 2007-11-24 08:35:57 79392 --a------ C:\WINDOWS\System32\perfc015.dat 2007-11-21 20:08:46 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Vso 2007-11-21 20:08:46 34 --a------ C:\Documents and Settings\Piotrek\Dane aplikacji\pcouffin.log 2007-11-21 20:08:41 47360 --a------ C:\Documents and Settings\Piotrek\Dane aplikacji\pcouffin.sys 2007-11-21 20:08:41 1144 --a------ C:\Documents and Settings\Piotrek\Dane aplikacji\pcouffin.inf 2007-11-21 20:08:41 7176 --a------ C:\Documents and Settings\Piotrek\Dane aplikacji\pcouffin.cat 2007-11-21 20:08:41 81920 --a------ C:\Documents and Settings\Piotrek\Dane aplikacji\ezpinst.exe 2007-11-13 18:36:12 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Oxford 2007-11-10 14:47:19 0 d-------- C:\Program Files\Common Files\Borland Shared 2007-11-08 15:01:59 0 d-------- C:\Program Files\Gadu-Gadu 2007-11-04 16:45:34 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Tibia 2007-11-04 16:20:21 0 d-------- C:\Program Files\Tibia8 2007-11-02 19:09:00 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\uTorrent 2007-11-02 19:08:56 0 d-------- C:\Program Files\totalcmd 2007-10-30 19:49:02 0 d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Sun 2007-10-24 07:12:36 0 d-------- C:\Program Files\Movie Maker 2007-10-20 20:59:03 4837 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-10-20 20:59:02 50943 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-10-15 16:14:52 0 d-------- C:\Program Files\Selteco 2007-10-13 17:09:05 0 d-------- C:\Program Files\SCAR 3.12 2007-09-29 22:16:09 32 --a------ C:\WINDOWS\go – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 10:09 C:\WINDOWS\SOUNDMAN.EXE] “NVRaidService”=“C:\WINDOWS\System32\nvraidservice.exe” [2005-01-17 07:43] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2005-06-15 10:20] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2005-06-15 10:20] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26] HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix] “C:\WINDOWS\system32\cmd.exe” /c “cd /d C:\ComboFix\ & Combobatch.bat” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “C:\Program Files\Valve\Steam\Steam.exe” -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE – Hosts ----------------------------------------------------------------------- 127.0.0.1 owntibia.com 127.0.0.1 vip.owntibia.com 127.0.0.1 87.98.239.19 127.0.0.1 lordoftibia.pl 127.0.0.1 http://www.lordoftibia.pl127.0.0.1 owntibia.com 127.0.0.1 vip.owntibia.com 127.0.0.1 87.98.239.19 – End of Deckard’s System Scanner: finished at 2007-12-09 14:11:01 ------------
Deckard’s System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) Architecture: X86; Language: Polish CPU 0: AMD Athlon 64 Processor 2800+ Percentage of Memory in Use: 58% Physical Memory (total/avail): 511.48 MiB / 211.84 MiB Pagefile Memory (total/avail): 1249.97 MiB / 913.13 MiB Virtual Memory (total/avail): 2047.88 MiB / 1949.48 MiB A: is Removable (Unformatted) C: is Fixed (NTFS) - 39.16 GiB total, 15.49 GiB free. D: is Fixed (NTFS) - 109.88 GiB total, 84.31 GiB free. E: is CDROM (CDFS) \.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 2 partitions \PARTITION0 (bootable) - Instalowalny system plików - 39.16 GiB - C: \PARTITION1 - Instalowalny system plików - 109.88 GiB - D: – Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Piotrek\Dane aplikacji CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=AA-ZKOXGIAUD155 ComSpec=C:\WINDOWS\system32\cmd.exe HOMEDRIVE=C: HOMEPATH=\ LOGONSERVER=\AA-ZKOXGIAUD155 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl;C:\Program Files\Common Files\Adobe\AGL PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=040a ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Piotrek\USTAWI~1\Temp TMP=C:\DOCUME~1\Piotrek\USTAWI~1\Temp USERDOMAIN=AA-ZKOXGIAUD155 USERNAME=Piotrek USERPROFILE=C:\Documents and Settings\Piotrek windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- K (admin) Piotrek (admin) Gość (new local, guest) – Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101} Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001} Advanced Privacy Supervisor v.2.0 --> “C:\Program Files\Computer-Expert Group\Advanced Privacy Supervisor\unins000.exe” Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Alligator Flash Designer 7 PL (7.0.6.1) Trial --> C:\PROGRA~1\Selteco\ALLIGA~1\Setup.exe /remove Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe” -l0x15 avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Battle.net --> C:\WINDOWS\bnetunin.exe Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51} Condition Zero --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/80 Condition Zero Deleted Scenes --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/100 Counter-Strike --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/10 Counter-Strike --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A} CuteFTP 7 Home --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{59D98250-CFEB-4A0B-A737-FC7CADE27852}\Setup.exe” -l0x9 Day of Defeat --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/30 Deathmatch Classic --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/40 Deutsch Translator 2 --> C:\Program Files\Deutsch Translator 2\setup.exe -uninstall DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe” -uninstall EasyRecovery Professional Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93} /l1033 eduROM - Lekcje demonstracyjne --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\eduROM\eduROM Demo13.isu" eMule --> “C:\Program Files\eMule\Uninstall.exe” English Translator 3 --> C:\Program Files\English Translator 3\setup.exe -uninstall Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} Gimnazjum klasa 2 - Chemia --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\Gimnazjum klasa 2 - Chemia\Uninst.isu" -c"C:\Program Files\Gimnazjum klasa 2 - Chemia\UninstallProject.dll" Gimnazjum klasa 3 - Chemia --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\Gimnazjum klasa 3 - Chemia\Uninst.isu" -c"C:\Program Files\Gimnazjum klasa 3 - Chemia\UninstallProject.dll" Gimnazjum_testy_2007 1.0 --> C:\Program Files\Gimnazjum_testy_2007\uninst.exe GTK+ 1.3.0-20030717 runtime environment --> C:\WINDOWS\unins000.exe HijackThis 2.0.2 --> “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP PSC & OfficeJet 5.3.B --> “C:\Program Files\HP\Digital Imaging{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe” -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Incadia --> C:\Program Files\Incadia\Uninstall.exe Inkscape 0.45.1 --> “C:\Program Files\Inkscape\uninst.exe” J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe” Anytext Java Web Start --> “C:\Program Files\Java Web Start\uninst-javaws.exe” Język polski i matematyka. Uniwersalny leksykon szkolny --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\PWN\POLMATE\Uninst.isu" jv16 PowerTools 2007 --> “C:\Program Files\jv16 PowerTools 2007\unins000.exe” Kids Pack --> c:\Program Files\Alawar\Kids Pack\uninstal.exe Kultura. Szkolna encyklopedia multimedialna --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\PWN\KulturaSEM\Uninst.isu" LeechFTP --> C:\WINDOWS\eraser.exe KILL “C:\Program Files\LeechFTP\uninstall.uif” Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nauki ścisłe. Szkolna encyklopedia multimedialna --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\PWN\NaukiscisleSEM\Uninst.isu" NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI Odkurzacz 10.9 Pro --> “C:\Program Files\Odkurzacz\unins000.exe” Onefog Ballines --> “C:\Program Files\Onefog\Ballines\unins000.exe” Oxford Wordpower Genie --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oxford\WGE001OU\Uninst.isu" Pakiet poprawki systemu Windows XP [zobacz Q329115, aby uzyskać więcej informacji] --> C:\WINDOWS$NtUninstallQ329115$\spuninst\spuninst.exe PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe” -uninstall Polski na 6+ DEMO --> “C:\Program Files\Edgard\Polski na 6+ DEMO\unins000.exe” Poprawka systemu Windows XP - KB823559 --> C:\WINDOWS$NtUninstallKB823559$\spuninst\spuninst.exe Poprawka systemu Windows XP - KB828741 --> C:\WINDOWS$NtUninstallKB828741$\spuninst\spuninst.exe Poprawka systemu Windows XP - KB833407 --> C:\WINDOWS$NtUninstallKB833407$\spuninst\spuninst.exe Poprawka systemu Windows XP - KB834707 --> C:\WINDOWS$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe Poprawka systemu Windows XP - KB835732 --> C:\WINDOWS$NtUninstallKB835732$\spuninst\spuninst.exe Poprawka systemu Windows XP - KB842773 --> C:\WINDOWS$NtUninstallKB842773$\spuninst\spuninst.exe Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe” -uninstall PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe” -uninstall PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe” -uninstall Python 2.4 --> MsiExec.exe /I{82D9302E-F209-4805-B548-52087047483A} QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log RAR Password Cracker (remove only) --> C:\Program Files\RAR Password Cracker\uninstall.exe Real Alternative 1.48 --> “C:\Program Files\Real Alternative\unins000.exe” Realtek AC’97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe” REMOVE Recover My Files --> “C:\Program Files\GetData\Recover My Files\unins000.exe” Republic: The Revolution --> MsiExec.exe /X{FEE97F95-1037-4064-B96A-F771BA1DB21C} Ricochet --> “C:\PROGRA~1\Valve\Steam\steam.exe” steam://uninstall/60 Słownik --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Słownik\DeIsL1.isu" -c"C:\Program Files\Słownik_ISREG32.DLL" SCAR Divi CDE 3.11 --> “C:\Program Files\SCAR 3.11\unins000.exe” SCAR Divi CDE 3.12c --> “C:\Program Files\SCAR 3.12\unins000.exe” Spybot - Search & Destroy --> “C:\Program Files\Spybot - Search & Destroy\unins000.exe” Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Szybka powtórka. Geografia --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\PWN\SPGeografia\Uninst.isu" Tasker version 3.13 --> “C:\Program Files\Tasker\unins000.exe” Themexp.org File --> C:\PROGRA~1\themexp\THEMEX~1.ORG \UNWISE.EXE C:\PROGRA~1\themexp\THEMEX~1.ORG \INSTALL.LOG Tibia 7.6 --> “C:\Program Files\Tibia\unins000.exe” Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe TibiCam NG 1.3 --> “C:\Program Files\TibiCam NG\unins000.exe” Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe TuneXP 1.5 --> C:\WINDOWS\iun6002.exe “C:\Program Files\TuneXP\irunin.ini” Usb to Serial Driver 1.12.28 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{7F46E168-E0F4-45EA-81F5-80488334B609}\Setup.exe” -l0x9 WellPhone DirectSync --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CFEC7E01-B73C-451D-A366-96978AFD233B}\setup.exe” UNINSTALL Wielka Powtórka - Język polski --> “C:\Program Files\Edgard Multimedia\Wielka Powtórka - Język polski\unins000.exe” Worms 4 Mayhem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}\setup.exe” -l0x9 -removeonly xp-AntiSpy 3.96-6 --> C:\Program Files\xp-AntiSpy\Uninstall.exe Yet Another Free RayTracer for Windows 0.0.9 --> “C:\Program Files\YafRay\unins000.exe” – Application Event Log ------------------------------------------------------- Event Record #/Type7716 / Error Event Submitted/Written: 12/09/2007 02:10:50 PM Event ID/Source: 8 / crypt32 Event Description: Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt >, wystąpił błąd: 0x8ca Event Record #/Type7715 / Error Event Submitted/Written: 12/09/2007 02:10:46 PM Event ID/Source: 8 / crypt32 Event Description: Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt >, wystąpił błąd: 0x8ca Event Record #/Type7714 / Error Event Submitted/Written: 12/09/2007 02:10:45 PM Event ID/Source: 8 / crypt32 Event Description: Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt >, wystąpił błąd: 0x2ee7 Event Record #/Type7706 / Error Event Submitted/Written: 12/08/2007 09:59:00 PM Event ID/Source: 1000 / Application Error Event Description: Aplikacja powodująca błąd nvraidservice.exe, wersja 1.0.1.0, moduł powodujący błąd nvraidservice.exe, wersja 1.0.1.0, adres błędu 0x0000c683. Event Record #/Type7699 / Warning Event Submitted/Written: 12/08/2007 08:19:36 PM Event ID/Source: 1524 / Userenv Event Description: System Windows nie może zwolnić pliku rejestru klas - plik jest ciągle używany przez inną aplikację lub usługę. Plik zostanie zwolniony, gdy nie będzie używany. – Security Event Log ---------------------------------------------------------- No Errors/Warnings found. – System Event Log ------------------------------------------------------------ Event Record #/Type2666 / Error Event Submitted/Written: 12/09/2007 02:09:56 PM Event ID/Source: 7 / Disk Event Description: W urządzeniu \Device\Harddisk0\D wystąpił zły blok. Event Record #/Type2665 / Error Event Submitted/Written: 12/09/2007 02:09:52 PM Event ID/Source: 7 / Disk Event Description: W urządzeniu \Device\Harddisk0\D wystąpił zły blok. Event Record #/Type2664 / Error Event Submitted/Written: 12/09/2007 02:09:48 PM Event ID/Source: 7 / Disk Event Description: W urządzeniu \Device\Harddisk0\D wystąpił zły blok. Event Record #/Type2663 / Error Event Submitted/Written: 12/09/2007 02:09:44 PM Event ID/Source: 7 / Disk Event Description: W urządzeniu \Device\Harddisk0\D wystąpił zły blok. Event Record #/Type2662 / Error Event Submitted/Written: 12/09/2007 02:09:40 PM Event ID/Source: 7 / Disk Event Description: W urządzeniu \Device\Harddisk0\D wystąpił zły blok. – End of Deckard’s System Scanner: finished at 2007-12-09 14:11:01 ------------
Co się stąło?! Wszystkie pliki mają w nazwach rozszerzenia!! Np. plik exe ma nazwa.exe! Wszystkie pliki tak się zrobiły… zdjęcia mają nazwa.jpg
PS. Jak się dostać do tego folderu?! Kiedyś miałem tamtego użytkownika ,ale komputer się popsuł troche.
Złączono Posta : 09.12.2007 (Nie) 15:00
Znów
Avast nie może usunąć 2 wirusów.
Brałem tymi programami z optymalizacji windowsa
Gutek
(Gutek)
9 Grudzień 2007 15:36
#8
Wklej do Notatnika:
>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )
– podobnie jak na tym obrazku –>
(jeśli pojawi się pytanie " 1 or 2 " - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: * * Qoobox**.
Po tym nowy log z Combo