I have a problem with my computer. After it starts, an svchost.exe program error pops up; Firefox can only be launched once, the second time it refuses to start. I have already removed plenty of viruses with AVG and AVG Anti-Spyware, and I also have Spybot SD, but that program cannot remove something. I have Windows 2000 with all current updates. Once the svchost.exe error is displayed, copying, pasting, etc. no longer work. Below are the logs from HijackThis and ComboFix.
Deckard's System Scanner v20070611.50
Run by Bober on 2007-10-09 at 23:17:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Bober.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:18:13, on 2007-10-09
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINDOWS\system32\config\SVCHOST.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
F:\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\wfxsnt40.exe
C:\WINNT\system32\internat.exe
E:\pulpit\dss.exe
E:\pulpit\Bober.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nb4f.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [HP Software Update] F:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: Microsoft Office.lnk = F:\OFFICE\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182380700994
O17 - HKLM\System\CCS\Services\Tcpip\..\{61B1D289-4FDD-487F-BB83-4BBE0371B21F}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Support Transfer Service (BSTS) - Unknown owner - C:\WINNT\system32\lssas.exe (file missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DNS Clients (Dnscanche) - Unknown owner - C:\WINNT\system32\Dns.exe (file missing)
O23 - Service: EvenSystem - Unknown owner - c:\Recycler\svchost.exe (file missing)
O23 - Service: Wirelerss Zesro Configuration (Exrsplorer) - Unknown owner - C:\WINNT\system32\aa.exe (file missing)
O23 - Service: dsaffdsa (ffsdaf) - Unknown owner - C:\WINNT\system32\aa.exe (file missing)
O23 - Service: Mesangerr - Unknown owner - c:\Recyclers\svchost.exe (file missing)
O23 - Service: Microsoft Exchange Engine - Unknown owner - C:\WINNT\System32\infoters.exe (file missing)
O23 - Service: Microsoft Exchange Routing Eng - Unknown owner - C:\WINNT\System32\interinfo.exe
O23 - Service: netpasssend (netpass) - Unknown owner - C:\WINNT\system32\svohst.exe (file missing)
O23 - Service: Ô¶łĚąÜŔíČíĽţĎÔĘľĐĹϢ (netservice) - Unknown owner - C:\Documents and Settings\All Users\Ulubione\netservice.exe
O23 - Service: Network DDE Service - Unknown owner - C:\WINNT\System\netsrv.exe (file missing)
O23 - Service: NOD32 Kernel Services (Nod32krn) - Unknown owner - C:\WINNT\system32\nod32krn.exe (file missing)
O23 - Service: NOD32 Kernel Services update (Nod32upd) - Unknown owner - C:\WINNT\system32\nod32upd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINNT\system32\perfmonss.exe (file missing)
O23 - Service: Porformance services (Perrormance Logs) - Unknown owner - C:\WINNT\system32\aa.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Managers (rassman) - Unknown owner - C:\WINNT\system32\lsess.exe (file missing)
O23 - Service: Remote Procedure Call System (Rdbs) - Unknown owner - C:\WINNT\system32\Rdbs.exe (file missing)
O23 - Service: Microsoft windows updata (Windows updata) - Unknown owner - C:\WINNT\wupdmgr.exe (file missing)
O23 - Service: windowsafe - Unknown owner - c:\dos\svchost.exe (file missing)
O23 - Service: Network Provisioning Services (Windowsclients) - Unknown owner - C:\WINDOWS\system32\config\SVCHOST.EXE
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINNT\system32\Test.exe (file missing)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\winnt\system32\drivers\alcan5wn.sys
R3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\winnt\system32\drivers\alcaudsl.sys
R3 pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys
S0 BTHidMgr (Bluetooth HID Manager Service) - c:\winnt\system32\drivers\bthidmgr.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\winnt\system32\drivers\blueletaudio.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\winnt\system32\drivers\blueletscoaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\winnt\system32\drivers\btnetdrv.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\winnt\system32\drivers\vbtenum.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\winnt\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\winnt\system32\drivers\vcommmgr.sys (file missing)
S3 Winacpci - c:\winnt\system32\drivers\winacpci.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Windowsclients (Network Provisioning Services) - c:\windows\system32\config\svchost.exe
S2 BSTS (Background Support Transfer Service) - c:\winnt\system32\lssas.exe (file missing)
S2 Dnscanche (DNS Clients) - c:\winnt\system32\dns.exe (file missing)
S2 EvenSystem - c:\recycler\svchost.exe (file missing)
S2 Exrsplorer (Wirelerss Zesro Configuration) - c:\winnt\system32\aa.exe (file missing)
S2 ffsdaf (dsaffdsa) - c:\winnt\system32\aa.exe (file missing)
S2 Mesangerr - c:\recyclers\svchost.exe (file missing)
S2 Microsoft Exchange Engine - c:\winnt\system32\infoters.exe (file missing)
S2 Microsoft Exchange Routing Eng - c:\winnt\system32\interinfo.exe
S2 netpass (netpasssend) - c:\winnt\system32\svohst.exe -netsata (file missing)
S2 netservice (Ô¶łĚąÜŔíČíĽţĎÔĘľĐĹϢ) - c:\documents and settings\all users\ulubione\netservice.exe
S2 Network DDE Service - c:\winnt\system\netsrv.exe (file missing)
S2 Nod32krn (NOD32 Kernel Services) - c:\winnt\system32\nod32krn.exe (file missing)
S2 Nod32upd (NOD32 Kernel Services update) - c:\winnt\system32\nod32upd.exe (file missing)
S2 perfmons (perfmons Service) - c:\winnt\system32\perfmonss.exe (file missing)
S2 Perrormance Logs (Porformance services) - c:\winnt\system32\aa.exe (file missing)
S2 rassman (Remote Access Connection Managers) - c:\winnt\system32\lsess.exe (file missing)
S2 Rdbs (Remote Procedure Call System) - c:\winnt\system32\rdbs.exe (file missing)
S2 Windows updata (Microsoft windows updata) - c:\winnt\wupdmgr.exe (file missing)
S2 windowsafe - c:\dos\svchost.exe (file missing)
S2 WindowsRemote (Windows Accounts Driver) - c:\winnt\system32\test.exe (file missing)
-- Files created between 2007-09-09 and 2007-10-09 -----------------------------
2007-10-09 22:03:59 0 -ra------ C:\WINNT\system32\TFTP868
2007-10-09 22:03:51 0 -ra------ C:\WINNT\system32\TFTP880
2007-10-09 22:03:39 0 -ra------ C:\WINNT\system32\TFTP972
2007-10-09 22:03:39 0 -ra------ C:\WINNT\system32\TFTP1740
2007-10-09 21:50:32 0 -ra------ C:\WINNT\system32\TFTP1448
2007-10-09 21:49:12 61 --a------ C:\WINNT\system32\i
2007-10-09 21:48:05 0 -ra------ C:\WINNT\system32\TFTP1656
2007-10-09 21:48:05 0 -ra------ C:\WINNT\system32\TFTP1300
2007-10-09 21:46:40 0 -ra------ C:\WINNT\system32\TFTP804
2007-10-09 21:46:40 0 -ra------ C:\WINNT\system32\TFTP1688
2007-10-09 21:46:36 0 -ra------ C:\WINNT\system32\TFTP1536
2007-10-09 21:31:34 0 -ra------ C:\WINNT\system32\TFTP1684
2007-10-09 21:27:20 0 -ra------ C:\WINNT\system32\TFTP1220
2007-10-09 19:53:58 0 -ra------ C:\WINNT\system32\TFTP1412
2007-10-09 19:52:00 0 -ra------ C:\WINNT\system32\TFTP1096
2007-10-08 22:20:52 0 d-------- C:\WINDOWS
2007-10-08 18:00:05 510 --a------ C:\WINNT\run2.vbs
2007-10-04 13:10:18 1091 --a------ C:\WINNT\run.vbs
2007-10-03 11:21:51 20480 --a------ C:\WINNT\system32\tongji.exe
2007-09-30 22:23:31 0 d--h----- C:\WINNT\PIF
2007-09-28 19:53:29 5370 --a------ C:\WINNT\system32\iget.vbs
2007-09-25 13:47:51 0 d-------- C:\WINNT\system32\inf
2007-09-23 18:47:50 427520 -r-hs---- C:\WINNT\system32\interinfo.exe
2007-09-20 21:06:32 0 d-------- C:\dos
2007-09-15 19:27:11 0 d-------- C:\mp3
2007-09-15 14:12:36 15360 --a------ C:\WINNT\system32\Down(0).exe
-- Find3M Report ---------------------------------------------------------------
2007-10-09 23:14:32 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Skype
2007-10-09 23:13:51 0 d-------- C:\Program Files\AutoConnect
2007-10-09 22:22:08 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\AVG7
2007-10-09 19:48:53 1107738 ---h----- C:\WINNT\ShellIconCache
2007-09-17 18:50:15 184832 -----n--- C:\WINNT\comsysapp.pif
2007-09-03 11:25:59 184832 -----n--- C:\WINNT\svchost.pif
2007-08-07 18:57:35 7681 --a------ C:\WINNT\zethan.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"nwiz"="nwiz.exe /install"
"Device Detector"="DevDetect.exe -autorun"
"HP Software Update"="F:\\HP\\HP Software Update\\HPWuSchd2.exe"
"WinFaxAppPortStarter"="wfxsnt40.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"AutoConnect"="C:\\Program Files\\AutoConnect\\AutoConnect.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Userinit"="rundll32.exe C:\\WINNT\\system32\\winsys16_071004.dll start"
"melove"="C:\\WINNT\\system32\\dream.exe"
"dream"="C:\\WINNT\\system32\\dream.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}"=""
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0
Systcem REG_MULTI_SZ Systcem\0\0
-- End of Deckard's System Scanner: finished at 2007-10-09 at 23:18:57 ---------
ComboFix 07-06-13.3