Problem z okienkami i kaspersky

Dla specjalistów Bezpieczeństwo
#1

witam, mam 2 problemy:

  1. kiedys instalowałem kaspersky anty-vir 156 i teraz nie moge go wywalić ani nawet uruchomić, jesli chce go usunąć to pisze, ze najpierw musze go wyłączyc! ale on jest wyłączony i nawet go sie nei da właczyc, jedyne co jest to proces kav.exe jako SYSTEM i nie da sie zamknac bo pisze “odmowa dostepu”. Jak wywalić to cholerstwo?

  2. wyskakuja mi cholerne okienka w IE typu twoj komp jest zarazony wirusem sciagnij spy-ware itp jakies jeszcze free poker, w ogole duzo roznych okienek. Skanowalem avastem, adaware, cwshredderem, antyviren kit i cos nie bardzo pomogło.

log z hijacks:

Logfile of HijackThis v1.99.1

Scan saved at 11:31:21, on 03/20/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ms04220942723.exe

C:\WINDOWS\SysCheckBop32.exe

C:\WINDOWS\System32\wintask.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

G:\Programy\D-Tools\daemon.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\sysmonnt.exe

C:\WINDOWS\System32?ti2evxx.exe

C:\Documents and Settings\Baryłka\Dane aplikacji\rarr.exe

C:\Program Files\Gadu-Gadu\gg.exe

g:\programy\Avast4\ashServ.exe

C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

G:\Programy\AntiVirenKit professional\AVKService.exe

G:\Programy\AntiVirenKit professional\AVKWCtl.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\UAService7.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

G:\Programy\Opera\Opera.exe

C:\DOCUME~1\BARYKA~1\USTAWI~1\Temp\Rar$EX00.597\HijackThis.exe

C:\WINDOWS\System32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.offeroptimizer.com/sidebar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.offeroptimizer.com/sidebar.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.lublin.pl:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll

O2 - BHO: (no name) - {23A2CD50-74B7-7C35-C17A-0115736BB29B} - C:\WINDOWS\System32\uqfw.dll

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Programy\SPYBOT~1\SDHelper.dll

O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\mselhm.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM…\Run: [ms04220942723] C:\WINDOWS\ms04220942723.exe

O4 - HKLM…\Run: [systemCheck] C:\WINDOWS\SysCheckBop32

O4 - HKLM…\Run: [msmc] C:\WINDOWS\System32\msdioo.exe

O4 - HKLM…\Run: [RSync] C:\WINDOWS\System32\netsync.exe

O4 - HKLM…\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [DAEMON Tools-1033] “G:\Programy\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM…\Run: [Microsoft Services] lssrv.exe

O4 - HKLM…\Run: [Microsoft DirectX] PDSched.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [etbrun] C:\windows\system32\elitevjd32.exe

O4 - HKLM…\RunServices: [Microsoft DirectX] PDSched.exe

O4 - HKLM…\RunServices: [Microsoft Services] lssrv.exe

O4 - HKCU…\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt

O4 - HKCU…\Run: [Fslxys] C:\WINDOWS\System32?ti2evxx.exe

O4 - HKCU…\Run: [Lrae] C:\Documents and Settings\Baryłka\Dane aplikacji\rarr.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [Microsoft DirectX] PDSched.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Programy\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

O8 - Extra context menu item: &Download with &DAP - G:\Programy\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - G:\Programy\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://G:\Programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - G:\Programy\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62479 … e-c139.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ … 0_0_44.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3561586418

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O23 - Service: AVK Service (AVKService) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKWCtl.exe

O23 - Service: kavsvc - Kaspersky Lab - G:\Programy\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

prosze o pomoc

#2

do wywalenia

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.offeroptimizer.com/sidebar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.offeroptimizer.com/sidebar.htm

O8 - Extra context menu item: &Download with &DAP - G:\Programy\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - G:\Programy\DAP\dapextie2.htm

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

#3

Podam Ci to, co masz na początek usunąć + sposób usuwania:

Pogrubione wpisy usuwasz ręcznie w trybie awaryjnym bez obsługi sieci. Po czynnościach skan prograami anty. Temat przyklejony w tym dziale. Potem na nowo log. Instalacja SP2.

Nie użuwaj IE. Zaiinstaluj Firefoxa.

#4

hmm niewiem czemu ale nie moge znalezc takich plikow:

C:\WINDOWS\System32?ti2evxx.exe

C:\Documents and Settings\Baryłka\Dane aplikacji\rarr.exe

te inne pogrubione wywaliłem.

#5

wklej adres do tych katalogów a pasku na górze. Być moze są one ukryte

#6

hmm jakies dziwne wklepuje ten adres w operze to mi znajduje, wzialem zapisz jako element docelowy na pulpit i wywaliłem, ale zrobilem restart i nadal sa ;] a jak wlacze normalnie przez foldery to nic nie ma ![;

dziwne :o

edit:

znalazłem ale odnaczyłem w opcjach folderów “ukryj chronione pliki systemu operacyjnego” mimo wszystko wywalić??

#7

Wywal

#8

ok zrobilem to wsio, poskanowałem troche a okienka nadal są i oto log:

Logfile of HijackThis v1.99.1

Scan saved at 14:22:35, on 03/20/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

G:\Programy\D-Tools\daemon.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Tlen.pl\tlen.exe

G:\Programy\AntiVirenKit professional\AVKService.exe

C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

G:\Programy\AntiVirenKit professional\AVKWCtl.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\nvsvc32.exe

G:\Programy\Opera\Opera.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\BARYKA~1\USTAWI~1\Temp\Rar$EX00.019\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.lublin.pl:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [DAEMON Tools-1033] “G:\Programy\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [etbrun] C:\windows\system32\elitevjd32.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Programy\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

O8 - Extra context menu item: &Download with &DAP - G:\Programy\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - G:\Programy\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://G:\Programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - G:\Programy\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ … 0_0_44.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3561586418

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O23 - Service: AVK Service (AVKService) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKWCtl.exe

O23 - Service: kavsvc - Kaspersky Lab - G:\Programy\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)

#9

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)

R3 - Default URLSearchHook is missing

Start>>>Uruchom>>>Msconfig>>>Uruchamianie> Odznacz:

O4 - HKLM…\Run: [etbrun] C:\windows\system32\elitevjd32.exe

#10

tego dziadostwa O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing) cos nie bardzo mozna wywalić, klikam fixed i potem YES i to nie znika.

Logfile of HijackThis v1.99.1

Scan saved at 16:47:52, on 03/20/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

G:\Programy\D-Tools\daemon.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

G:\Programy\AntiVirenKit professional\AVKService.exe

G:\Programy\AntiVirenKit professional\AVKWCtl.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\nvsvc32.exe

G:\Programy\Opera\Opera.exe

C:\DOCUME~1\BARYKA~1\USTAWI~1\Temp\Rar$EX00.422\HijackThis.exe

C:\WINDOWS\System32\dllhost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.lublin.pl:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [DAEMON Tools-1033] “G:\Programy\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [etbrun] C:\windows\system32\elitevjd32.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Programy\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE

O8 - Extra context menu item: &Download with &DAP - G:\Programy\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - G:\Programy\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://G:\Programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - G:\Programy\BitSpirit\bsurl.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ … 0_0_44.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3561586418

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O23 - Service: AVK Service (AVKService) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - G:\Programy\AntiVirenKit professional\AVKWCtl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)

#11

To:

O4 - HKLM…\Run: [etbrun] C:\windows\system32\elitevjd32.exe

Tak jak mówiłem odznacz w msconfig, a potem fix w HijackThis

#12

odznaczyłem to w msconfig ;/ ale cos w hijacku nie moge tego wywalic zaznaczam klikam fix i nie wywala jakos ;/ nieweim czemu

dobra problem juz chyba rozwiaany! thx