adlerxx
(Adlerxx)
1 July 2007 17:15
#1
Hello. I'm asking for help because I have a problem with KAV 06: the computer scan takes a very long time - after 5 hours only 2% of the scan had completed. According to KAV, the scan will finish in about 2 weeks. I have used Pest Patrol, AdAware, Spybot and Smitfraud Fix.
HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 18:45:57, on 2007-07-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HijackThis\HijackThis.exe F:\Program Files\Diablo II\d2gs 1.11b\D2GS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: Multi_Media toolbar - 
{b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program 
files\powerstrip\pstrip.exe O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Expressivo] “F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O20 - Winlogon 
Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Silent Runners log:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Systweak Memory Optimizer” = “c:\program files\advanced system optimizer\memtuneup.exe” [file not found] “Steam” = “(empty string)” [file not found] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Expressivo” = ““F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t” [“IVO Software Sp. z o.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “AGEIA PhysX SysTray” = “C:\Program Files\AGEIA Technologies\TrayIcon.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “PrinTray” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” [“Lexmark”] “InstantAccess” = “c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” [null data] “RegisterDropHandler” = “c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” [empty string] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “PowerStrip” = “f:\program files\powerstrip\pstrip.exe” [“EnTech Taiwan”] “PestPatrol Control Center” = “C:\PROGRA~1\PESTPA~1\PPControl.exe” [“Computer 
Associates International”] “PPMemCheck” = “C:\PROGRA~1\PESTPA~1\PPMemCheck.exe” [null data] “CookiePatrol” = “C:\PROGRA~1\PESTPA~1\CookiePatrol.exe” [“Computer Associates International”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “LXSUPMON” = “C:\WINDOWS\system32\LXSUPMON.EXE RUN” [“Lexmark”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “ISUSPM” = ““C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler” [file not found] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] {85F685C3-20D9-4943-95E4-EB4224056C3F}(Default) = (no title provided) -> {HKLM…CLSID} = “Expressivo” \InProcServer32(Default) = “F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll” [“IVO Software Sp. 
z o.o.”] {b5146c40-189a-4311-bda9-fbae3e023187}(Default) = (no title provided) -> {HKLM…CLSID} = “Multi_Media toolbar” \InProcServer32(Default) = “C:\Program Files\Multi_Media\tbMult.dll” [“Conduit Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” 
[MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{D0FAC080-AE1A-11ce-8016-CE90976DC901}” = “Picture Publisher File Viewer” -> {HKLM…CLSID} = “Picture Publisher File Viewer” \InProcServer32(Default) = “ppiv30.dll” [null data] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{377BF0A0-F755-4469-BA0C-BEB93AAB5454}” = “MuVo V100 Media Explorer” -> {HKLM…CLSID} = “MuVo V100 Media Explorer” \InProcServer32(Default) = “C:\Program Files\Creative\Creative MuVo V100\MuVo V100 Media Explorer\CTMvnsu.dll” 
[“Creative Technology Ltd”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“pgdfgsvc C 1” [“Sysinternals - http://www.sysinternals.com ”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> 
{HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ “FriendlyName” = “” “Source” = “file:///C:/DOCUME~1/user/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg” “SubscribedURL” = “file:///C:/DOCUME~1/user/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\OBJECT~1.SCR” (Object Browser For Trainz ScreenSaver.scr) 
[“Axialis Software”] Startup items in “user” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{B5146C40-189A-4311-BDA9-FBAE3E023187}” -> {HKLM…CLSID} = “Multi_Media toolbar” \InProcServer32(Default) = “C:\Program Files\Multi_Media\tbMult.dll” [“Conduit Ltd.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{B5146C40-189A-4311-BDA9-FBAE3E023187}” = “Multi Media Toolbar” -> {HKLM…CLSID} = “Multi_Media toolbar” \InProcServer32(Default) = “C:\Program Files\Multi_Media\tbMult.dll” [“Conduit Ltd.”] “{85F685C3-20D9-4943-95E4-EB4224056C3F}” = “Expressivo” -> {HKLM…CLSID} = “Expressivo” \InProcServer32(Default) = “F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll” [“IVO Software Sp. 
z o.o.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=about:blank Missing lines (compared with English-language version): [strings]: 1 line 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{b5146c40-189a-4311-bda9-fbae3e023187}” = (no title provided) -> {HKLM…CLSID} = “Multi_Media toolbar” \InProcServer32(Default) = “C:\Program Files\Multi_Media\tbMult.dll” [“Conduit Ltd.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Diablo II Close Game Server, D2GS, “F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe” [null data] LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. 
---------- (total run time: 111 seconds, including 6 seconds for message boxes)
Fixwareout log:
Fixwareout Last edited 2/11/2007 Post this report in the forums please … »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “System”="" … … »»»»» Misc files. … »»»»» Checking for older varients. … Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”" “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\TrayIcon.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” “InstantAccess”=“c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” “RTHDCPL”=“RTHDCPL.EXE” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “PowerStrip”=“f:\program files\powerstrip\pstrip.exe” “PestPatrol Control Center”=“C:\PROGRA~1\PESTPA~1\PPControl.exe” “PPMemCheck”=“C:\PROGRA~1\PESTPA~1\PPMemCheck.exe” “CookiePatrol”=“C:\PROGRA~1\PESTPA~1\CookiePatrol.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “LXSUPMON”=“C:\WINDOWS\system32\LXSUPMON.EXE RUN” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “ISUSPM”="“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” 
“kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Systweak Memory Optimizer”=“c:\program files\advanced system optimizer\memtuneup.exe” “Steam”="" “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Expressivo”="“F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t" … Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
ComboScan log:
ComboScan v20070306.20 run by user on 2007-07-01 at 18:47:59 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as user.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 18:48:01, on 2007-07-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\cisvc.exe F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\user\Pulpit\pliki pobierane\comboscan.exe C:\PROGRA~1\HIJACK~1\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 
Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: 
[RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Expressivo] “F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – Files created between 2007-06-01 and 2007-07-01 ----------------------------- 2007-06-30 13:02:09 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-06-30 13:02:09 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-06-30 13:02:09 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-06-30 13:02:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-06-30 13:02:09 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-30 13:02:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-06-30 12:07:30 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-06-30 12:07:29 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-06-30 12:07:28 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-06-30 12:07:25 95872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-06-30 12:07:22 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-06-30 12:07:22 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-06-30 12:07:14 745600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-06-30 12:07:09 0 d-------- C:\Program Files\Alwil Software 2007-06-26 02:06:31 0 d-------- C:\Program Files\Multi_Media 2007-06-23 18:20:30 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll 2007-06-23 18:20:30 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll 2007-06-23 18:20:29 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll 2007-06-23 18:10:22 35521 --a------ C:\WINDOWS\DIIUnin.dat 2007-06-23 18:10:18 2829 --a------ C:\WINDOWS\DIIUnin.pif 2007-06-23 18:10:18 106496 --a------ C:\WINDOWS\DIIUnin.exe 2007-06-22 19:10:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-06-21 09:58:30 0 d-------- C:\Program Files\Common Files\Adobe 2007-06-16 21:37:52 0 d-------- C:\Program Files\Electronic Arts 2007-06-15 21:07:38 0 d-------- C:\WINDOWS\Project Snowblind 2007-06-14 00:25:31 0 d-------- C:\BrothersInArmsEiB 2007-06-12 15:56:06 9699328 
--a------ C:\Documents and Settings\user\ntuser.dat 2007-06-08 20:14:37 0 d-------- C:\Program Files\MAIET 2007-06-03 19:48:52 0 d-------- C:\Documents and Settings\user\Application Data\ExecutiveSoftware 2007-06-03 17:55:36 20 --a------ C:\WINDOWS\GndGGGg.dat 2007-06-03 17:55:33 0 d–hs---- C:\RecoveryBin 2007-06-03 17:55:15 0 d-------- C:\Program Files\Executive Software 2007-06-02 21:24:48 14 --a------ C:\WINDOWS\system32\systeminfo3.dll 2007-06-02 21:21:59 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-06-02 21:21:32 0 d-------- C:\Program Files\SlySoft – Find3M Report --------------------------------------------------------------- 2007-07-01 18:43:48 460734 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-01 18:43:48 80752 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-01 18:40:43 0 d-------- C:\Program Files\PestPatrol 2007-07-01 18:21:30 0 d-------- C:\Program Files\Neostrada TP 2007-06-30 13:05:24 4776 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-28 15:52:55 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Azureus 2007-06-28 15:52:52 0 d-------- C:\Program Files\PeerGuardian2 2007-06-28 14:39:13 0 d-------- C:\Program Files\eMule 2007-06-27 14:06:28 0 d-------- C:\Program Files\Google 2007-06-27 13:13:25 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Tibia 2007-06-22 12:20:05 0 d-------- C:\Program Files\Azureus 2007-06-21 09:33:36 0 d-------- C:\Documents and Settings\user\Dane aplikacji\AdobeUM 2007-06-20 20:35:13 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-06-19 18:26:53 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-06-15 13:14:40 0 d-------- C:\Program Files\Kaspersky Lab 2007-06-10 22:50:28 0 d-------- C:\Program Files\Ontrack 2007-06-04 22:21:42 0 d-------- C:\Program Files\Mozilla Firefox 2007-06-03 22:16:09 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Gearbox Software 2007-06-03 13:23:37 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Vso 2007-06-03 
13:23:37 47360 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.sys 2007-06-03 13:23:37 33 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.log 2007-06-03 13:23:37 1144 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.inf 2007-06-03 13:23:37 7176 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.cat 2007-06-03 13:23:37 81920 --a------ C:\Documents and Settings\user\Dane aplikacji\ezpinst.exe 2007-06-02 21:31:36 0 d-------- C:\Documents and Settings\user\Dane aplikacji\SlySoft 2007-05-31 10:21:29 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2007-05-19 10:53:58 0 d—s---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2007-05-06 21:59:48 0 d-------- C:\Program Files\Apple Software Update – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Systweak Memory Optimizer”=“c:\program files\advanced system optimizer\memtuneup.exe” “Steam”="" “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Expressivo”="“F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”" “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\TrayIcon.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe” “InstantAccess”=“c:\program files\TBRIDGE\BIN\InstantAccess.exe /h” “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” 
“RTHDCPL”=“RTHDCPL.EXE” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “PowerStrip”=“f:\program files\powerstrip\pstrip.exe” “PestPatrol Control Center”=“C:\PROGRA~1\PESTPA~1\PPControl.exe” “PPMemCheck”=“C:\PROGRA~1\PESTPA~1\PPMemCheck.exe” “CookiePatrol”=“C:\PROGRA~1\PESTPA~1\CookiePatrol.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “LXSUPMON”=“C:\WINDOWS\system32\LXSUPMON.EXE RUN” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “ISUSPM”="“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “RegisterDropHandler”=“c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe” @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk” “backup”=“C:\WINDOWS\pss\Action Manager 32.lnkCommon Startup” “location”=“Common Startup” “command”="C:\Program Files\ScannerU\AM32.exe " “item”=“Action Manager 32” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ file:///C:/DOCUME~1/user/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{b16b6842-3771-11db-8827-806d6172696f}] Shell\AutoRun\command E:\SETUP.EXE – End of ComboScan: finished at 2007-07-01 at 18:49:18 ------------------------
Thanks in advance for your help.
system
(system)
1 July 2007 17:39
#2
And which file does it stop on? Delete it and that should be the end of the problem.
adlerxx
(Adlerxx)
1 July 2007 17:45
#3
It doesn't stop, it just runs terribly slowly. As I wrote above, after about 5 hours of running, KAV had scanned only 2%. At that rate it would take more than 2 weeks to scan my disk.
system
(system)
1 July 2007 17:58
#4
That's what happens when you install 2 AVs.
adlerxx
(Adlerxx)
1 July 2007 18:58
#5
I only installed the second antivirus yesterday, when Kaspersky started bogging down. I thought I would remove the viruses with Avast and then KAV would run fine.
adam9870
(adam9870)
1 July 2007 19:07
#6
Remove one of the currently installed antivirus programs and check whether the system still runs slowly. If it does, we will look for other ways to solve the problem, but it is 90% likely that the slowdown is caused by two antivirus programs running at the same time.
Instead of a second antivirus, I suggest scanning the system from time to time with an online scanner. Personally I recommend:
http://www.ewido.net/de/onlinescan/
http://www.kaspersky.pl/virusscanner.html
adlerxx
(Adlerxx)
4 July 2007 13:46
#7
I uninstalled Avast, and the computer was still sluggish. So was Kaspersky. So I uninstalled Kaspersky and installed it again. The computer is as sluggish as it was before. A Kaspersky scan of about 220 GB took almost 8 hours - I don't know whether that is normal (incidentally, it found no viruses). I no longer know what to do - is a FORMAT the only option left?
Joan
(Joan Sunshine)
4 July 2007 14:01
#8
Remove the entries in HJT, and delete the folder marked in red manually from the disk.
Clean the registry; use jv16 PowerTools 2006 1.5.2.344 for that.
adlerxx
(Adlerxx)
4 July 2007 16:04
#9
In jv16 Power Tools, after running the registry scan, should I click fix or remove? I made backups just in case.
Post merged: 04.07.2007 (Wed) 18:09
That is, I used fix on the registry errors and remove on the leftover data. I don't know if that was right.
Joan
(Joan Sunshine)
4 July 2007 16:15
#10
If you have a backup, you can remove them; I always remove them and have no problems.
adlerxx
(Adlerxx)
4 July 2007 18:15
#11
I have a question. I ran a scan with http://www.kaspersky.pl/virusscanner.html and it detected some viruses:
4 lipiec 2007 20:11:34 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.83.0 Ostatnia aktualizacja Kaspersky Anti-Virus 4/07/2007 Liczba wpisów w bazie danych Kaspersky Anti-Virus335795 Ustawienia skanowania Skanowanie przy użyciu następujących baz danych standardowe Skanuj archiwa tak Skanuj pocztowe bazy danych tak Obszar skanowania Mój komputer A:\ C:\ D:\ E:\ F:\ G:\ Statystyki skanowania Liczba skanowanych obiektów 216410 Liczba wykrytych wirusów 1 Liczba zainfekowanych obiektów 3 / 0 Liczba podejrzanych obiektów 0 Czas trwania skanowania 03:36:51 Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\00da_File_Monitoring_eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\00dc_Web_Monitoring_eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\detected.idx Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Report\report.rpt Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia 
lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\user\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\cert8.db Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\history.dat Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\key3.db Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\parent.lock Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\search.sqlite Object is locked pominięty C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\urlclassifier2.sqlite Object is locked pominięty C:\Documents and Settings\user\ntuser.dat Object is locked pominięty C:\Documents and Settings\user\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\Cache_CACHE_001_ Object is 
locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\Cache_CACHE_002_ Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\Cache_CACHE_003_ Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\8g9kmhoc.default\Cache_CACHE_MAP_ Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Historia\History.IE5\MSHist012007070420070705\index.dat Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Temp~DF7CCD.tmp Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Temp~DF7D34.tmp Object is locked pominięty C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked pominięty C:\Program 
Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked pominięty C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked pominięty C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked pominięty C:\System Volume Information\catalog.wci\00010012.ci Object is locked pominięty C:\System Volume Information\catalog.wci\00010012.dir Object is locked pominięty C:\System Volume Information\catalog.wci\00010017.ci Object is locked pominięty C:\System Volume Information\catalog.wci\cicat.fid Object is locked pominięty C:\System Volume Information\catalog.wci\cicat.hsh Object is locked pominięty C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked pominięty C:\System Volume Information\catalog.wci\INDEX.000 Object is locked pominięty C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked pominięty C:\System Volume Information\catalog.wci\propstor.bk2 Object is 
locked pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\System Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\A0038253.exe/data.rar/rinst.exe Zainfekowanych: Trojan.Win32.KillAV.is pominięty C:\System Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\A0038253.exe/data.rar Zainfekowanych: Trojan.Win32.KillAV.is pominięty C:\System Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\A0038253.exe RarSFX: zainfekowany - 2 pominięty C:\System Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\change.log Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\sam Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\security Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox.dat Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox.idx Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked 
pominięty C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked pominięty C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\Temp\cch~3dbcf3ae6.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3dbcf4167.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3dbddbe97.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3dbddc568.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3dbec59a1.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3dbec60bd.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3e353fbaf.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3e35401ba.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3e73990e8.htp Object is locked pominięty C:\WINDOWS\Temp\cch~3e7399795.htp Object is locked pominięty C:\WINDOWS\Temp\cch~4105c60b5.htp Object is locked pominięty C:\WINDOWS\Temp\cch~4105c66ca.htp Object is locked pominięty C:\WINDOWS\Temp\cch~410819ac4.htp Object is locked pominięty C:\WINDOWS\Temp\cch~41081a0d3.htp Object is locked pominięty C:\WINDOWS\Temp\cch~411c0ae5b.htp Object is locked pominięty C:\WINDOWS\Temp\cch~411c0b4d1.htp Object is locked pominięty C:\WINDOWS\Temp\cch~411c6044e.htp Object is locked pominięty C:\WINDOWS\Temp\cch~411c60adc.htp Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty D:\System 
Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\change.log Object is locked pominięty F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty F:\System Volume Information_restore{0ACA1419-566E-4E88-9FD9-4CFD130662EB}\RP97\change.log Object is locked pominięty Proces skanowania został zakończony.
Can this be removed somehow?
Post merged: 04.07.2007 (Wed) 20:21
Just in case, here is a new HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 20:19:47, on 2007-07-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\cisvc.exe F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\WINDOWS\RTHDCPL.EXE F:\program files\powerstrip\pstrip.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\jv16 PowerTools 2007\jv16PT.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe 
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Expressivo] “F:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O17 - 
HKLM\System\CCS\Services\Tcpip…{C0958865-FBF1-4D64-A379-46AE8E74F458}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Help!
Joan
(Joan Sunshine)
4 July 2007 18:29
#12
Turn off System Restore (Control Panel -> System -> System Restore -> tick "Turn off System Restore").
Use ATF-Cleaner in Safe Mode; it will clear the temp files.
And locked objects are a normal thing.
adlerxx
(Adlerxx)
4 July 2007 18:59
#13
I cleared the temp files, but the computer is still sluggish, windows open slowly, and everything takes a long time online too.
qrczak13
(qrczak13)
4 July 2007 20:57
#14
adlerxx
(Adlerxx)
6 July 2007 21:22
#15
Would someone be kind enough to look through my HJT log? I scanned the system with everything I could and removed whatever I could and knew how to remove. The system still runs slowly and I don't know what to do. Heeelp!
Logfile of HijackThis v1.99.1
Scan saved at 23:18:12, on 2007-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\RTHDCPL.EXE
F:\program files\powerstrip\pstrip.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\HijackThis\user.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Diablo II\d2gs 1.11b\D2GS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - F:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll
O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM…\Run: [instantAccess] c:\program files\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM…\Run: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [PowerStrip] f:\program files\powerstrip\pstrip.exe
O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM…\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM…\RunServices: [RegisterDropHandler] c:\program files\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKCU…\Run: [Expressivo] "F:\Program Files\ivo\Expressivo Demo\expressivo.exe" -t
O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - F:\Program Files\Diablo II\d2gs 1.11b\D2GSSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Gutek
(Gutek)
7 July 2007 14:27
#16
You still have unnecessary items in autostart.
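Added example (not part of the thread and not HijackThis's own code): a Python sketch that splits a HijackThis log pasted as one run of text, as in the posts above, back into entries, then lists the O4 autostart items and the O23 services marked "(file missing)" for manual review. The sample is constructed from entries in this thread, and the function names are illustrative.

```python
import re

# Constructed sample: entries copied from the log in this thread, run together
# and wrapped mid-entry ("O4 -" / "HKLM") the way the forum rendered them.
SAMPLE = r"""Running processes: C:\WINDOWS\Explorer.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 -
HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe"""

# An entry starts with a section code (R0-R3, F0-F3, O1-O23) followed by " - ".
SPLIT_RE = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$")
LNK_RE = re.compile(r"^(?P<loc>.+?): (?P<name>.+?) = (?P<cmd>.*)$")

def parse_entries(text):
    """Return (code, body) pairs; header and process list are skipped."""
    flat = " ".join(text.split())          # undo the forum's line wrapping
    entries = []
    for chunk in SPLIT_RE.split(flat):
        m = ENTRY_RE.match(chunk.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def autostart_items(entries):
    """O4 entries as (location, name, command): Run keys and Startup links."""
    items = []
    for code, body in entries:
        m = (RUN_RE.match(body) or LNK_RE.match(body)) if code == "O4" else None
        if m:
            items.append((m["loc"], m["name"], m["cmd"]))
    return items

def missing_services(entries):
    """Names of O23 services whose binary HijackThis reported as missing."""
    names = []
    for code, body in entries:
        if code == "O23" and body.endswith("(file missing)"):
            m = re.match(r"Service: (.+?) - ", body)
            names.append(m.group(1) if m else body)
    return names

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for loc, name, cmd in autostart_items(parsed):
        print(f"autostart  {loc:<16} {name:<32} {cmd}")
    for name in missing_services(parsed):
        print(f"missing    {name}")
```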
Gutek
(Gutek)
8 July 2007 11:07
#18