Problem removing XP Antivirus 2008


(Brzezoo) #1

I have removed almost all of it from the computer, but viruses keep getting in and part of the program still exists.

The files shlwapi.dll and wininet.dll are still there, and the UNLOCKER program did not release all of them.

I am sending the HijackThis log and asking for help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:44, on 2008-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TEMP\BN1.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\Avast4\ashDisp.exe

D:\odtwarzacze\Winamp 5.5\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\lphcgm6j0ea4l.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

D:\odtwarzacze\Winamp 5.5\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\rhclm6j0ea4l\sdsd.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\brzezoo\Moje dokumenty\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WinampAgent] "D:\odtwarzacze\Winamp 5.5\winampa.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [lphcgm6j0ea4l] C:\WINDOWS\system32\lphcgm6j0ea4l.exe

O4 - HKLM..\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe

O4 - HKLM..\Run: [advap32] C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe/r

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU..\Run: [HDDHealth] C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe -wl

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll

O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll

O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll

O21 - SSODL: wnslvxtf - {5E357320-0E61-42ED-ADF0-E644E7CBF875} - C:\WINDOWS\wnslvxtf.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


(Leon$) #2

entries

delete with HijackThis >> Fix checked

Download Combofix http://www.searchengines.pl/index.php?s ... ntry395642 but do not run it.

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Removal should begin

Then post the Combofix removal log

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html

scan and post the log

:slight_smile:
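As an added illustration (not code from this thread or from any of the tools it mentions), here is a small Python triage helper that reads HijackThis v2 lines like the ones posted above and flags the traits a helper like Leon$ looks for: targets that are missing, binaries run from Temp, random-looking names, DLLs dropped straight into C:\WINDOWS, nameless BHOs, and the Winlogon Notify / SSODL / Active Desktop persistence points. The sample input is constructed from lines of the first log in this thread plus two benign lines; the heuristics and thresholds are the author's assumptions, not a signature database.

```python
import re

# Constructed sample: lines copied from the first HijackThis log in this thread,
# plus two benign lines (avast!, Adobe) so the heuristics have something to pass.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll
O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [lphcgm6j0ea4l] C:\WINDOWS\system32\lphcgm6j0ea4l.exe
O4 - HKLM..\Run: [advap32] C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe/r
O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll
O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {5E357320-0E61-42ED-ADF0-E644E7CBF875} - C:\WINDOWS\wnslvxtf.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# "O4 - <body>" / "R1 - <body>": the HJT section code and the rest of the line.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A Windows path up to its extension; stops before trailing switches such as "/r".
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|htm|html|cab))", re.IGNORECASE)
# Sections that are persistence points a rogue AV typically abuses (assumption: flag them
# only when the entry already has another suspicious trait, to keep noise down).
PERSISTENCE = {
    "O20": "Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O24": "Active Desktop component",
}


def looks_random(stem):
    """Heuristic (author's assumption): a vendor name rarely has four consonants in a
    row or digits sandwiched between letters, e.g. 'lphcgm6j0ea4l' or 'wnslvxtf'."""
    s = stem.lower()
    if len(s) < 7 or not s.isalnum():
        return False
    if re.search(r"[a-z]\d[a-z]", s):
        return True
    return re.search(r"[bcdfghjklmnpqrstvwxz]{4}", s) is not None


def triage_line(line):
    """Return (section, path, reasons) for one HJT line, or None if it is not an entry.
    reasons is an empty list when nothing about the entry stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group("path") if pm else ""
    low = path.lower()
    parent = low.rsplit("\\", 1)[0] if path else ""
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if path else ""

    reasons = []
    if "(file missing)" in body:
        reasons.append("target file missing (orphaned entry)")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if parent == "c:\\windows" and low.endswith(".dll"):
        reasons.append("DLL dropped directly in %WINDIR%")
    if looks_random(stem):
        reasons.append(f"random-looking file name '{stem}'")
    if sec == "O2" and "(no name)" in body:
        reasons.append("BHO without a name")
    if sec == "O24" and low.startswith("c:\\windows"):
        reasons.append("Active Desktop page served from %WINDIR% (rogue-AV warning wallpaper)")
    if sec in PERSISTENCE and reasons:
        reasons.append(f"persists via {PERSISTENCE[sec]}")
    return sec, path, reasons


def triage(log_text):
    """Return only the entries that have at least one reason to be reviewed."""
    flagged = []
    for line in log_text.strip().splitlines():
        res = triage_line(line)
        if res and res[2]:
            flagged.append(res)
    return flagged


if __name__ == "__main__":
    for sec, path, reasons in triage(SAMPLE_LOG):
        print(f"{sec:4} {path}")
        for r in reasons:
            print(f"     - {r}")
```

The output is a review list, not a removal list: a flagged entry still needs a human to confirm it before it goes into a Fix checked or CFScript step.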


(Brzezoo) #3

I can't delete those entries with HiJackThis


(huber2t) #4

First follow the combofix instructions, and then the hijackthis ones


(Leon$) #5

This is how you delete them:

run HijackThis >> Do a system scan only >> the log will appear in the program window >> tick the boxes next to the listed entries >> click Fix checked

:slight_smile:


(Brzezoo) #6

I only managed to delete some of them; these did not get deleted:

O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll

O4 - HKLM..\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe

O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll

O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll

Should I still go ahead with the comboFix operation anyway?


(Leon$) #7

Of course you should, hubert already told you that

:slight_smile:


(Brzezoo) #8

Thank you for all the advice

I am sending the logs

  1. After Combofix - something hung and the program did not run all the way through, but after restarting the computer XP Antivirus 2008 was gone; only shlwapi.dll and wininet.dll remain, and not all programs could be released from them

  2. hijackthis log

  3. System Repair Engineer log

1.

ComboFix 08-07-26.1 - brzezoo 2008-07-26 21:26:22.10 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.162 [GMT 2:00]

Running from: C:\Documents and Settings\brzezoo\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\brzezoo\Pulpit\CFScript.txt.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe

C:\WINDOWS\eqvwamkl.dll

C:\WINDOWS\fdkowvbp.dll

C:\WINDOWS\system32\khfFUOii.dll

C:\WINDOWS\system32\lphcgm6j0ea4l.exe

C:\WINDOWS\SYSTEM32\WinCtrl32.dll

2.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:28:25, on 2008-07-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\Avast4\ashDisp.exe

D:\odtwarzacze\Winamp 5.5\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Opera\opera.exe

D:\odtwarzacze\Winamp 5.5\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\brzezoo\Moje dokumenty\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WinampAgent] "D:\odtwarzacze\Winamp 5.5\winampa.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU..\Run: [HDDHealth] C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe -wl

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 6684 bytes

3.

2008-07-27,09:33:04


System Repair Engineer 2.6.12.1018

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  [(Verified)Microsoft Windows Publisher]
  [Logitech]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [File is missing]
  [File is missing]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [(Verified)Skype Technologies SA]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  [(Verified)Canon Inc.]
  [Creative Technology Ltd]
  [Creative Technology Ltd.]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" []
  [Logitech Inc.]
  [Logitech Inc.]
  [Logitech Inc.]
  [(Verified)ALWIL Software]
"D:\odtwarzacze\Winamp 5.5\winampa.exe" []
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [(Verified)"Sun Microsystems, Inc."]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]
  [File is missing]


==================================

Startup Folders

[Adobe Reader Synchronizer]
 C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []

[Logitech Desktop Messenger]
 C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]

[Microsoft Office]
 C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]


==================================

Services

[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]

  "C:\Program Files\Avast4\aswUpdSv.exe"

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]


[ATI Smart / ATI Smart][Stopped/Auto Start]


[avast! Antivirus / avast! Antivirus][Running/Auto Start]

  "C:\Program Files\Avast4\ashServ.exe"

[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]

  "C:\Program Files\Avast4\ashMaiSv.exe" /service

[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]

  "C:\Program Files\Avast4\ashWebSv.exe" /service

[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]


[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll

[PIXMA Extended Survey Program / IJPLMSVC][Stopped/Manual Start]


[STI Simulator / STI Simulator][Running/Auto Start]


[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]



==================================

Drivers

[aswFsBlk / aswFsBlk][Running/Auto Start]


[ati2mtag / ati2mtag][Running/Manual Start]


[catchme / catchme][Stopped/Manual Start]

  \??\C:\ComboFix\catchme.sys

[Creative AC3 Software Decoder / ctac32k][Running/Manual Start]


[Creative Audio Driver (WDM) / ctaud2k][Running/Manual Start]


[Creative DVD-Audio Device Driver / ctdvda2k][Stopped/Manual Start]


[Port gier dla karty Creative SB Live! / ctljystk][Stopped/Manual Start]


[Creative Proxy Driver / ctprxy2k][Running/Manual Start]


[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]


[E-mu Plug-in Architecture Driver / emupia][Running/Manual Start]


[Creative Hardware Abstract Layer Driver / ha10kx2k][Running/Manual Start]


[Creative P16V HAL Driver / hap16v2k][Stopped/Manual Start]


[Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]


[Creative OS Services Driver / ossrv][Running/Manual Start]


[Volume Adapter / pepifilter][Running/Manual Start]


[PfModNT / PfModNT][Running/Auto Start]

  \??\C:\WINDOWS\system32\drivers\PfModNT.sys

[QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[PxHelp20 / PxHelp20][Running/Boot Start]

  \SystemRoot\System32\Drivers\PxHelp20.sys

[Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet / rtl8139][Running/Manual Start]


[Secdrv / Secdrv][Stopped/Manual Start]


[Filtr magistrali AGP SIS / sisagp][Running/Boot Start]

  \SystemRoot\system32\DRIVERS\sisagp.sys

[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]

  \SystemRoot\System32\Drivers\vulfnth.sys

[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]

  \SystemRoot\System32\Drivers\vulfntr.sys

[Winbg82 / Winbg82][Stopped/Boot Start]

  \SystemRoot\System32\Drivers\Winbg82.sys

[Winfk82 / Winfk82][Stopped/Boot Start]

  \SystemRoot\System32\Drivers\Winfk82.sys


==================================

Browser Add-ons

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Java Plug-in 1.6.0_07]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} %windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[Java Plug-in 1.6.0_07]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[SignActivX Control]

  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_07]

  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_07]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {00011268-E188-40DF-A514-835FCD78B1BF} , 

[]

  {0026439F-A980-4F18-8C95-4F1CBBF9C1D8} , 

[IDMIEHlprObj Class]

  {0055C089-8582-441B-A0BF-17B458C2A3A8} 

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} , 

[Windows Media Player]

  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} 

[]

  {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} , 

[XSL Template]

  {2933BF94-7B36-11D2-B20E-00C04F983E60} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[]

  {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} , 

[XML Document]

  {48123BC4-99D9-11D1-A6B3-00C04FD91555} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[]

  {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} , 

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} 

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} 

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} %SystemRoot%\system32\SHELL32.dll, (Signed) N/A

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} 

[SignActivX Control]

  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} 

[RDS.DataSpace]

  {BD96C556-65A3-11D0-983A-00C04FC29E36} 

[fdkowvbp]

  {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} 

[]

  {D187A56B-A33F-4CBE-9D77-459FC0BAE012} , 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} , 

[WebViewFolderIcon Class]

  {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} 

[]

  {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} , 

[XML HTTP Request]

  {ED8C108E-4349-11D2-91A4-00C04F7969E8} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[Free Threaded XML DOM Document]

  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[XML HTTP]

  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} , 


==================================

Running Processes

[PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

    [C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [ATI Technologies, Inc., 6, 14, 10, 2500]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

    [C] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [Microsoft Corporation, 7.10.3077.0]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [ALWIL Software, 4, 8, 1227, 0]

[PID][C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [Microsoft Corporation, 7.10.3077.0]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1201, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

[PID][C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [ATI Technologies, Inc., 6, 14, 10, 2500]

[PID][C] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]

    [C] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

    [C] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]

    [C] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]


==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

127.0.0.1 localhost


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1892, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1956, D:\ODTWARZACZE\WINAMP 5.5\WINAMPA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\OPERA\OPERA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3380, D:\ODTWARZACZE\WINAMP 5.5\WINAMP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1884, C:\DOCUMENTS AND SETTINGS\BRZEZOO\PULPIT\SRENG2\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================

(huber2t) #9

Fix in HijackThis.

Download ComboFix, but don't run it.

Open Notepad and paste into it:

Folder::

C:\WINDOWS\privacy_danger

File -> Save as -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created; post it on the forum.

Post logs on http://wklejto.pl or http://wklej.org and put only the link in your post.


(Brzezoo) #10

link to the ComboFix log

http://wklejto.pl/6740


(huber2t) #11

Download ComboFix, but don't run it.

Open Notepad and paste into it:

File::

C:\WINDOWS\~GLC0000.TMP


Driver::

Winbg82

Winfk82


Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbg82.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk82.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winko50.sys]

File -> Save as -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created; post it on the forum.

Post logs on http://wklejto.pl or http://wklej.org and put only the link in your post.
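An added example, not from the thread or from ComboFix itself: a small parser for the CFScript format used in these posts (Folder::, File::, Driver::, Registry:: blocks) that turns a script into a reviewable plan and cross-checks which Driver:: entries also have their SafeBoot\Minimal key deleted, since a driver registered there is loaded in Safe Mode as well. The sample script is constructed from the one posted above.

```python
import re

# A directive header is one of the CFScript section names followed by "::".
_HEADER = re.compile(r"^(Folder|File|Driver|Registry)::$")
# A Registry:: line of the form [-HKEY_...\Key] asks for that key to be deleted.
_REG_DELETE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")


def parse_cfscript(text):
    """Return {directive: [entries]}; Registry entries are (action, key) tuples."""
    plan, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # the posted script has trailing spaces
        if not line:
            continue
        header = _HEADER.match(line)
        if header:
            current = header.group(1)
            plan.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive header: {line!r}")
        elif current == "Registry":
            m = _REG_DELETE.match(line)
            plan[current].append(("delete_key", m.group(1)) if m else ("other", line))
        else:
            plan[current].append(line)
    return plan


def safeboot_drivers(plan):
    """Driver:: names whose SafeBoot\\Minimal key the same script deletes,
    i.e. drivers the script removes from normal boot and Safe Mode alike."""
    deleted = {key.rsplit("\\", 1)[-1].lower()
               for action, key in plan.get("Registry", []) if action == "delete_key"}
    return [d for d in plan.get("Driver", []) if d.lower() + ".sys" in deleted]


# Constructed sample mirroring the script posted in the thread.
SAMPLE = r"""File::
C:\WINDOWS\~GLC0000.TMP

Driver::
Winbg82
Winfk82

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbg82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winko50.sys]
"""
```

`parse_cfscript(SAMPLE)` yields the three blocks, and `safeboot_drivers` reports Winbg82 and Winfk82 as covered on both sides; Winko50.sys has a SafeBoot key deleted but no matching Driver:: entry, which is worth noticing when reviewing such a script.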


(Brzezoo) #12

link to the ComboFix log

http://wklejto.pl/6745


(huber2t) #13

The log looks clean.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the computer with CCleaner.

Optimize the startup entries.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum.

or

Dr.WEB CureIt!


(Brzezoo) #14

Thank you very much for the help; I am in the middle of carrying out the above instructions.


(huber2t) #15

Sorry, something else turned up:

Download ComboFix, but don't run it.

Open Notepad and paste into it:

File::

C:\WINDOWS\system32\opnkliGa.dll

C:\WINDOWS\grswptdl.exe

File -> Save as -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created; post it on the forum.

Post logs on http://wklejto.pl or http://wklej.org and put only the link in your post.


(Brzezoo) #16

log after ComboFix

http://wklejto.pl/6751


(Spandau) #17

The log looks clean.

Delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner; run it under IE and post the report on the forum.

or Dr.WEB CureIt!


(Brzezoo) #18

Thanks

starting the Kaspersky scan now


(Leon$) #19

After the scan

Open Notepad and paste

save as plik.reg >> all files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with this icon will be created

062aec4c9b51c033m.jpg

double-click it, confirm that you want to add it to the registry, then restart.

Run System Repair Engineer, System Repair tab, Browser Add-ons, find and remove

Besides, there is no certainty that one file was removed; you didn't post the log.

Download and run the tool The Avenger. Select the text given on the forum for removal,

copy it, click Paste Script from Clipboard, Execute, confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.


(Brzezoo) #20

post for Avenger

http://wklejto.pl/6761

post for Kaspersky

http://wklejto.pl/6758

post for System Repair Engineer

http://wklejto.pl/6760