Jak usunać wirusa w NOD 32?

Pablo25 · 29 Grudzień 2006 08:14

jak usunąć wirusy w nod 32??Jestem jego posiadaczem pierwszy raz :mrgreen:

DziQQQQ · 29 Grudzień 2006 08:33

http://www.wilderssecurity.com/showthread.php?t=37509

Tu masz konfigurację NOD32. Jak godnie z tym zrobisz to sam ci będzie usuwał wirusy

adam9870 · 29 Grudzień 2006 08:33

A gdzie dokładnie został wykryty ??

Jeśli odwiedziłeś jakąś zainfekowaną stronę to śmieci może nie być, a w komunikacie NOD’a który wyskoczy kliknij Rozłącz lub Kopiuj do kwarantanny. Zaś jeśli śmieć został wykryty jako jeden z plików znajdujących się na dysku to kliknij przycisk Usuń.

Proszę wkleić na Forum zestaw logów (do tego tematu)

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Pablo25 · 29 Grudzień 2006 09:22

oto log:

Logfile of HijackThis v1.99.1 Scan saved at 10:23:18, on 2006-12-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Moj komputer\Pulpit\Ściągania BearShare\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 62.75.224.159 http://www.bns1.net O1 - Hosts: 62.75.224.159 http://www.bns2.net O1 - Hosts: 62.75.224.159 http://www.bns3.net O1 - Hosts: 62.75.224.159 http://www.bns4.net O1 - Hosts: 62.75.224.159 http://www.bns5.net O1 - Hosts: 62.75.224.159 http://www.bns6.net O1 - Hosts: 62.75.224.159 http://www.bns7.net O1 - Hosts: 62.75.224.159 http://www.bns8.net O1 - Hosts: 62.75.224.159 http://www.cms1.net O1 - Hosts: 62.75.224.159 http://www.cms2.net O1 - Hosts: 62.75.224.159 http://www.cms3.net O1 - Hosts: 62.75.224.159 http://www.cms4.net O1 - Hosts: 62.75.224.159 http://www.cms5.net O1 - Hosts: 62.75.224.159 http://www.cms6.net O1 - Hosts: 62.75.224.159 http://www.cms7.net O1 - Hosts: 62.75.224.159 http://www.cms8.net O1 - Hosts: 62.75.224.159 http://www.rg1.com O1 - Hosts: 62.75.224.159 http://www.rg2.com O1 - Hosts: 62.75.224.159 http://www.rg3.com O1 - Hosts: 62.75.224.159 http://www.rg4.com O1 - Hosts: 62.75.224.159 http://www.rg5.com O1 - Hosts: 62.75.224.159 http://www.rg6.com O1 - Hosts: 62.75.224.159 http://www.rg7.com O1 - Hosts: 62.75.224.159 http://www.rg8.com O1 - Hosts: 62.75.224.159 http://www.cjt1.net O1 - Hosts: 62.75.224.159 http://www.rgs1.net O1 - Hosts: 62.75.224.159 http://www.rgs2.net O1 - Hosts: 62.75.224.159 http://www.bns1.net O1 - Hosts: 62.75.224.159 http://www.bns2.net O1 - Hosts: 62.75.224.159 http://www.cms1.net O1 - Hosts: 62.75.224.159 http://www.cms2.net O1 - Hosts: 62.75.224.159 bns1.net O1 - Hosts: 62.75.224.159 bns2.net O1 - Hosts: 62.75.224.159 bns3.net O1 - Hosts: 62.75.224.159 bns4.net O1 - Hosts: 62.75.224.159 bns5.net O1 - Hosts: 62.75.224.159 bns6.net O1 - Hosts: 62.75.224.159 bns7.net O1 - Hosts: 62.75.224.159 bns8.net O1 - Hosts: 62.75.224.159 cms1.net O1 - Hosts: 62.75.224.159 cms2.net O1 - Hosts: 62.75.224.159 cms3.net O1 - Hosts: 62.75.224.159 cms4.net O1 - Hosts: 62.75.224.159 cms5.net O1 - Hosts: 62.75.224.159 cms6.net O1 - Hosts: 62.75.224.159 cms7.net O1 - Hosts: 62.75.224.159 cms8.net O1 - Hosts: 62.75.224.159 rg1.com O1 - Hosts: 62.75.224.159 rg2.com O1 - Hosts: 62.75.224.159 rg3.com O1 - Hosts: 62.75.224.159 rg4.com O1 - Hosts: 62.75.224.159 rg5.com O1 - Hosts: 62.75.224.159 rg6.com O1 - Hosts: 62.75.224.159 rg7.com O1 - Hosts: 62.75.224.159 rg8.com O1 - Hosts: 62.75.224.159 cjt1.net O1 - Hosts: 62.75.224.159 rgs1.net O1 - Hosts: 62.75.224.159 rgs2.net O1 - Hosts: 62.75.224.159 bns1.net O1 - Hosts: 62.75.224.159 bns2.net O1 - Hosts: 62.75.224.159 cms1.net O1 - Hosts: 62.75.224.159 cms2.net O1 - Hosts: 62.75.224.159 j800banners.cjt1.net O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net O1 - Hosts: 62.75.224.159 javatar.cjt1.net O1 - Hosts: 62.75.224.159 jbeet.cjt1.net O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net O1 - Hosts: 62.75.224.159 jhot.cjt1.net O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net O1 - Hosts: 62.75.224.159 jicq.cjt1.net O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net O1 - Hosts: 62.75.224.159 jmindset.cjt1.net O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net O1 - Hosts: 62.75.224.159 jnictech.cjt1.net O1 - Hosts: 62.75.224.159 jnova.cjt1.net O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net O1 - Hosts: 62.75.224.159 jsercee.cjt1.net O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net O1 - Hosts: 62.75.224.159 http://www.m7z.net O1 - Hosts: 62.75.224.159 m7z.net O1 - Hosts: 62.75.224.159 jcms.cydoor.com O1 - Hosts: 62.75.224.159 cydoor.com O1 - Hosts: 62.75.224.159 http://www.cydoor.com O1 - Hosts: 62.75.224.159 jnova.cjt1.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [spyEmergency] “C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe” O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} (DekaronAutoPlay Control) - http://file.dekaron.co.kr/_DownUtil/syscab/Dekaron.CAB O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\programy\instalki\cFosSpeed v3.13\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Wiem ze mam śmieci i wirusy bo mi sie komp muli jak horoba w grach sie zacina

A mam dobrego kompa:dane:

procek 2800 amd athlon

dysk 120gb

karta graficzna: geforce 5200 FX

muzyczna:zintegrowana i sound blaster

płyta głowna asus

adam9870 · 29 Grudzień 2006 09:37

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb O1 - Hosts: 62.75.224.159 http://www.bns1.net O1 - Hosts: 62.75.224.159 http://www.bns2.net O1 - Hosts: 62.75.224.159 http://www.bns3.net O1 - Hosts: 62.75.224.159 http://www.bns4.net O1 - Hosts: 62.75.224.159 http://www.bns5.net O1 - Hosts: 62.75.224.159 http://www.bns6.net O1 - Hosts: 62.75.224.159 http://www.bns7.net O1 - Hosts: 62.75.224.159 http://www.bns8.net O1 - Hosts: 62.75.224.159 http://www.cms1.net O1 - Hosts: 62.75.224.159 http://www.cms2.net O1 - Hosts: 62.75.224.159 http://www.cms3.net O1 - Hosts: 62.75.224.159 http://www.cms4.net O1 - Hosts: 62.75.224.159 http://www.cms5.net O1 - Hosts: 62.75.224.159 http://www.cms6.net O1 - Hosts: 62.75.224.159 http://www.cms7.net O1 - Hosts: 62.75.224.159 http://www.cms8.net O1 - Hosts: 62.75.224.159 http://www.rg1.com O1 - Hosts: 62.75.224.159 http://www.rg2.com O1 - Hosts: 62.75.224.159 http://www.rg3.com O1 - Hosts: 62.75.224.159 http://www.rg4.com O1 - Hosts: 62.75.224.159 http://www.rg5.com O1 - Hosts: 62.75.224.159 http://www.rg6.com O1 - Hosts: 62.75.224.159 http://www.rg7.com O1 - Hosts: 62.75.224.159 http://www.rg8.com O1 - Hosts: 62.75.224.159 http://www.cjt1.net O1 - Hosts: 62.75.224.159 http://www.rgs1.net O1 - Hosts: 62.75.224.159 http://www.rgs2.net O1 - Hosts: 62.75.224.159 http://www.bns1.net O1 - Hosts: 62.75.224.159 http://www.bns2.net O1 - Hosts: 62.75.224.159 http://www.cms1.net O1 - Hosts: 62.75.224.159 http://www.cms2.net O1 - Hosts: 62.75.224.159 bns1.net O1 - Hosts: 62.75.224.159 bns2.net O1 - Hosts: 62.75.224.159 bns3.net O1 - Hosts: 62.75.224.159 bns4.net O1 - Hosts: 62.75.224.159 bns5.net O1 - Hosts: 62.75.224.159 bns6.net O1 - Hosts: 62.75.224.159 bns7.net O1 - Hosts: 62.75.224.159 bns8.net O1 - Hosts: 62.75.224.159 cms1.net O1 - Hosts: 62.75.224.159 cms2.net O1 - Hosts: 62.75.224.159 cms3.net O1 - Hosts: 62.75.224.159 cms4.net O1 - Hosts: 62.75.224.159 cms5.net O1 - Hosts: 62.75.224.159 cms6.net O1 - Hosts: 62.75.224.159 cms7.net O1 - Hosts: 62.75.224.159 cms8.net O1 - Hosts: 62.75.224.159 rg1.com O1 - Hosts: 62.75.224.159 rg2.com O1 - Hosts: 62.75.224.159 rg3.com O1 - Hosts: 62.75.224.159 rg4.com O1 - Hosts: 62.75.224.159 rg5.com O1 - Hosts: 62.75.224.159 rg6.com O1 - Hosts: 62.75.224.159 rg7.com O1 - Hosts: 62.75.224.159 rg8.com O1 - Hosts: 62.75.224.159 cjt1.net O1 - Hosts: 62.75.224.159 rgs1.net O1 - Hosts: 62.75.224.159 rgs2.net O1 - Hosts: 62.75.224.159 bns1.net O1 - Hosts: 62.75.224.159 bns2.net O1 - Hosts: 62.75.224.159 cms1.net O1 - Hosts: 62.75.224.159 cms2.net O1 - Hosts: 62.75.224.159 j800banners.cjt1.net O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net O1 - Hosts: 62.75.224.159 javatar.cjt1.net O1 - Hosts: 62.75.224.159 jbeet.cjt1.net O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net O1 - Hosts: 62.75.224.159 jhot.cjt1.net O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net O1 - Hosts: 62.75.224.159 jicq.cjt1.net O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net O1 - Hosts: 62.75.224.159 jmindset.cjt1.net O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net O1 - Hosts: 62.75.224.159 jnictech.cjt1.net O1 - Hosts: 62.75.224.159 jnova.cjt1.net O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net O1 - Hosts: 62.75.224.159 jsercee.cjt1.net O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net O1 - Hosts: 62.75.224.159 http://www.m7z.net O1 - Hosts: 62.75.224.159 m7z.net O1 - Hosts: 62.75.224.159 jcms.cydoor.com O1 - Hosts: 62.75.224.159 cydoor.com O1 - Hosts: 62.75.224.159 http://www.cydoor.com O1 - Hosts: 62.75.224.159 jnova.cjt1.net O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll

Usuń w hjt i poczytaj o edycji pliku hosts tutaj.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners.

Pablo25 · 29 Grudzień 2006 09:40

to wszystko co wysłałeś w tym poście mam usunąć??

adam9870 · 29 Grudzień 2006 09:42

Tak, w hijacku usuwasz wpisy które wymieniłem w swoim poprzednim poście. Następnie poczytaj o edycji pliku hosts i pokaż nowy log z hjt oraz silenta.

Pablo25 · 29 Grudzień 2006 09:46

oto log: “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “SpyEmergency” = ““C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe”” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = ““RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “CTSysVol” = “C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r” [“Creative Technology Ltd”] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

adam9870 · 29 Grudzień 2006 09:48

Log z silenta jest ucięty. Poczekaj aż program skończy robić log, poinformuje wtedy odpowiednim komunikatem i dopiero wtedy wklej go na forum.

Pablo25 · 29 Grudzień 2006 09:54

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “SpyEmergency” = ““C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe”” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NvCplDaemon” = ““RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “CTSysVol” = “C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r” [“Creative Technology Ltd”] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “blank” [file not found] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Default executables: -------------------- HKLM\Software\Classes.hta(Default) = (value not set) Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ “HomePage” = (REG_DWORD) hex:0x00000000 {Disable changing home page settings} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: imon.dll ["Eset "], 01 - 05, 18 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users.WINDOWS/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] ---------- <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 33 seconds, including 2 seconds for message boxes) teraz jest cały (da sie uratowac mojego kompa przed formatem??)Jakie anty wirusy powinienem miec???Napisz wszystko

adam9870 · 29 Grudzień 2006 10:05

Czysto.

Gdzie NOD32 wykrył śmiecia, o którym wspomniałeś w pierwszym poście (dokładna lokalizacja) ??

Możesz przeskanować skanerem http://www.ewido.net/en/ i wkleić raport.

Monczkin · 29 Grudzień 2006 10:09

Pablo25 proszę poprawić logi i objąć je znacznikami.

Pablo25 · 29 Grudzień 2006 10:59

a te wirusy wykrywa w system volume czy coś takiego nie pamiętam

Złączono Posta : 29.12.2006 (Pią) 12:00

ale juz je usunołem

adam9870 · 29 Grudzień 2006 11:09

Przeskanuj jeszcze raz, a jeśli znowu zostaną wykryte śmieci w folderze System volume information , to znaczy że źle je usunąłeś i wtedy poczytaj:

http://forum.dobreprogramy.pl/viewtopic … 398#822398

squeet · 29 Grudzień 2006 11:13

Pablo25 byłeś o coś proszony.

Proszę o lekturę poniższych tematów:

http://forum.dobreprogramy.pl/viewtopic.php?t=66889

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Logi proszę wklejać w tagach quote. W tym celu proszę użyć przycisku

Pablo25 · 29 Grudzień 2006 11:30

avast wykrywał mi wirusy w tym folderze Documents and Settings\5628252 mi sie wydaje ze ten folder jest to nazwa komputera i do niego nieda sie wejsć i pisze ze folder jest pusty ale jak przeinstalowałęm system już dawno to jak skanuje adwarem to widze w tym folderze stare gry i rozne inne zeczy

Da sie wejsc lub częsciow usunąć te starocia z tego folderu???Proszę o odp

adam9870 · 29 Grudzień 2006 11:35

Przeskanuj avastem bądź http://www.ewido.net/en/ i wklej raport ze skanowania.

Pablo25 · 29 Grudzień 2006 13:07

ej a jest jakis program zeby pozamykać niepotrzebne procesy zeby było więcej pamięci ram??bo ja mam 512mb ramu jest to niewiele i programy podczas startu systemu długo sie uruchamiają jak zrobic zeby programy otwieraly sie szybciej??

sdar · 29 Grudzień 2006 13:23

Pablo25 - kolega adam9870 juz drugi raz prosi Cię o wklejenie rapotrów ze skanowania a Ty uparcie zadajesz inne pytania. Czy chcesz aby Ci pomóc czy tylko chcesz sobie popisać na forum?

I zacznij wreszcie pisać w języku polskim używając polskich znaków (ą, ś, ł, ó, itp). Jeśli się nie zastosujesz do tych sugestii to temat nieodwołalnie wyląduje w śmietniku. Jest tu już zbyt wiele interwencji moderatorskich aby to dalej tolerować.

Pablo25 · 29 Grudzień 2006 20:31

oto screen z ostatniego skanowania:

http://img299.imageshack.us/img299/3632 … 22ujb9.jpg

Tak jak pisałem w tamtym poście wydaje mi się że ten folder 5628252 to jest nazwa komputera w to nieda się wejść :shock: Nie wiem jak usunąć te wirusy

jak wie ktoś jak to zrobić to pisać