Problem removing XP Antivirus 2008

I've thrown almost all of it off the computer, but viruses keep getting in and part of the program still exists.

The files shlwapi.dll and wininet.dll exist, and the UNLOCKER program did not release all of them.

I'm sending a HijackThis log and asking for help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:44, on 2008-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TEMP\BN1.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\Avast4\ashDisp.exe

D:\odtwarzacze\Winamp 5.5\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\lphcgm6j0ea4l.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

D:\odtwarzacze\Winamp 5.5\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\rhclm6j0ea4l\sdsd.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\Program Files\Unlocker\Unlocker.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\brzezoo\Moje dokumenty\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll

O4 - HKLM…\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [WinampAgent] “D:\odtwarzacze\Winamp 5.5\winampa.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [lphcgm6j0ea4l] C:\WINDOWS\system32\lphcgm6j0ea4l.exe

O4 - HKLM…\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe

O4 - HKLM…\Run: [advap32] C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe/r

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

O4 - HKCU…\Run: [HDDHealth] C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe -wl

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll

O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll

O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll

O21 - SSODL: wnslvxtf - {5E357320-0E61-42ED-ADF0-E644E7CBF875} - C:\WINDOWS\wnslvxtf.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

entries

remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 but don't run it yet.

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

Removal should start.

Then post the ComboFix removal log.

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html

scan and post the log

:slight_smile:

I can't remove those entries with HijackThis.

First follow the ComboFix instruction, then the HijackThis one.

This is how you remove them:

start HijackThis >> Do a system scan only >> the log appears in the program window >> tick the boxes next to the listed entries >> click Fix checked

:slight_smile:
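An added example, not code from this thread or from HijackThis/ComboFix: a small Python parser for HijackThis entry lines that flags entries worth a closer look and reports which of the entries ticked for Fix checked still appear in a log taken afterwards. The sample logs are constructed from the entries quoted in this thread, and the flagging heuristics are assumptions of the example, not HijackThis's own judgement.

```python
"""Parse HijackThis v2 log entries, flag entries that deserve a closer look and
report which entries chosen for "Fix checked" still appear in a later log."""
import re

# Every HijackThis finding is one line of the form "<code> - <body>", e.g.
# "O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll"
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*\S)\s*$")
# First drive-letter path ending in .dll/.exe inside the body (quotes may be curly)
PATH_RE = re.compile(r'([A-Za-z]:\\[^"“”]+?\.(?:dll|exe))', re.IGNORECASE)


def parse_hjt_log(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def normalize(body):
    """Whitespace- and case-insensitive key so two logs can be compared reliably."""
    return re.sub(r"\s+", " ", body).casefold()


def entry_path(body):
    """The file an entry points at, casefolded, or None if the body has no path."""
    m = PATH_RE.search(body)
    return m.group(1).casefold() if m else None


def flag_reasons(code, body):
    """Heuristic review reasons (assumptions of this example, not HijackThis output)."""
    reasons = []
    low = body.casefold()
    path = entry_path(body)
    if "(file missing)" in low:
        reasons.append("registered file is missing")
    if code == "O2" and "(no name)" in low:
        reasons.append("BHO without a name")
    if code in ("O20", "O21"):
        reasons.append(f"{code} (Winlogon Notify / SSODL) is rarely a legitimate third-party entry")
    if path and re.fullmatch(r"c:\\windows\\[a-z]{8}\.dll", path):
        reasons.append("eight-letter DLL placed directly in C:\\WINDOWS")
    if path and re.search(r"\\temp\\[^\\]+\.exe$", path):
        reasons.append("auto-run executable living in a Temp folder")
    return reasons


def flagged_entries(log_text):
    """All entries of a log that have at least one review reason."""
    out = []
    for code, body in parse_hjt_log(log_text):
        reasons = flag_reasons(code, body)
        if reasons:
            out.append((code, body, reasons))
    return out


def residual_entries(fix_list_text, after_log_text):
    """Entries of the fix list whose code and body still appear in the later log."""
    after = {(c, normalize(b)) for c, b in parse_hjt_log(after_log_text)}
    return [(c, b) for c, b in parse_hjt_log(fix_list_text) if (c, normalize(b)) in after]


# Constructed sample: an excerpt assembled from the entries quoted in this thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll
O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphcgm6j0ea4l] C:\WINDOWS\system32\lphcgm6j0ea4l.exe
O4 - HKLM\..\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe/r
O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {5E357320-0E61-42ED-ADF0-E644E7CBF875} - C:\WINDOWS\wnslvxtf.dll (file missing)
"""

# Constructed: the lines a helper would tick for "Fix checked".
FIX_LIST = r"""
O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll
O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [lphcgm6j0ea4l] C:\WINDOWS\system32\lphcgm6j0ea4l.exe
O4 - HKLM\..\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe/r
O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {5E357320-0E61-42ED-ADF0-E644E7CBF875} - C:\WINDOWS\wnslvxtf.dll (file missing)
"""

# Constructed: what a rescan after Fix checked reports when the components are still loaded.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe
O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll
O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll
"""

if __name__ == "__main__":
    for code, body, reasons in flagged_entries(BEFORE_LOG):
        print(f"{code:<4}{body}\n      -> {'; '.join(reasons)}")
    print("\nStill present after Fix checked:")
    for code, body in residual_entries(FIX_LIST, AFTER_LOG):
        print(f"  {code} - {body}")
```

Entries that survive a Fix checked are the ones whose DLL is still loaded by Explorer or winlogon, which is why the helper has the offline ComboFix pass run first.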

I only removed some of them; these didn't get removed:

O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\khfFUOii.dll

O4 - HKLM…\Run: [sMrhclm6j0ea4l] C:\Program Files\rhclm6j0ea4l\rhclm6j0ea4l.exe

O20 - Winlogon Notify: khfFUOii - C:\WINDOWS\SYSTEM32\khfFUOii.dll

O21 - SSODL: eqvwamkl - {C73B349D-2BF2-4755-A909-4243A6611BDA} - C:\WINDOWS\eqvwamkl.dll

Should I still go ahead with the ComboFix operation anyway?

Of course you should, Hubert already told you.

:slight_smile:

Thank you for all the advice.

I'm sending the logs:

  1. after ComboFix: something froze and the program didn't run all the way through, but after turning the computer back on XP Antivirus 2008 was gone; only shlwapi.dll and wininet.dll are left, and not all programs could be released from them

  2. HijackThis log

  3. System Repair Engineer log

ComboFix 08-07-26.1 - brzezoo 2008-07-26 21:26:22.10 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.162 [GMT 2:00]

Running from: C:\Documents and Settings\brzezoo\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\brzezoo\Pulpit\CFScript.txt.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe

C:\WINDOWS\eqvwamkl.dll

C:\WINDOWS\fdkowvbp.dll

C:\WINDOWS\system32\khfFUOii.dll

C:\WINDOWS\system32\lphcgm6j0ea4l.exe

C:\WINDOWS\SYSTEM32\WinCtrl32.dll

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:28:25, on 2008-07-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\Avast4\ashDisp.exe

D:\odtwarzacze\Winamp 5.5\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Opera\opera.exe

D:\odtwarzacze\Winamp 5.5\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\brzezoo\Moje dokumenty\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM…\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [WinampAgent] “D:\odtwarzacze\Winamp 5.5\winampa.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

O4 - HKCU…\Run: [HDDHealth] C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe -wl

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

End of file - 6684 bytes

2008-07-27,09:33:04


System Repair Engineer 2.6.12.1018

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  [(Verified)Microsoft Windows Publisher]
  [Logitech]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [File is missing]
  [File is missing]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [(Verified)Skype Technologies SA]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  [(Verified)Canon Inc.]
  [Creative Technology Ltd]
  [Creative Technology Ltd.]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" []
  [Logitech Inc.]
  [Logitech Inc.]
  [Logitech Inc.]
  [(Verified)ALWIL Software]
"D:\odtwarzacze\Winamp 5.5\winampa.exe" []
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [(Verified)"Sun Microsystems, Inc."]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]
  [File is missing]


==================================

Startup Folders

[Adobe Reader Synchronizer]
 C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []

[Logitech Desktop Messenger]
 C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]

[Microsoft Office]
 C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]


==================================

Services

[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]

  "C:\Program Files\Avast4\aswUpdSv.exe"

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]


[ATI Smart / ATI Smart][Stopped/Auto Start]


[avast! Antivirus / avast! Antivirus][Running/Auto Start]

  "C:\Program Files\Avast4\ashServ.exe"

[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]

  "C:\Program Files\Avast4\ashMaiSv.exe" /service

[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]

  "C:\Program Files\Avast4\ashWebSv.exe" /service

[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]


[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll

[PIXMA Extended Survey Program / IJPLMSVC][Stopped/Manual Start]


[STI Simulator / STI Simulator][Running/Auto Start]


[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]



==================================

Drivers

[aswFsBlk / aswFsBlk][Running/Auto Start]


[ati2mtag / ati2mtag][Running/Manual Start]


[catchme / catchme][Stopped/Manual Start]

  \??\C:\ComboFix\catchme.sys

[Creative AC3 Software Decoder / ctac32k][Running/Manual Start]


[Creative Audio Driver (WDM) / ctaud2k][Running/Manual Start]


[Creative DVD-Audio Device Driver / ctdvda2k][Stopped/Manual Start]


[Port gier dla karty Creative SB Live! / ctljystk][Stopped/Manual Start]


[Creative Proxy Driver / ctprxy2k][Running/Manual Start]


[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]


[E-mu Plug-in Architecture Driver / emupia][Running/Manual Start]


[Creative Hardware Abstract Layer Driver / ha10kx2k][Running/Manual Start]


[Creative P16V HAL Driver / hap16v2k][Stopped/Manual Start]


[Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]


[Creative OS Services Driver / ossrv][Running/Manual Start]


[Volume Adapter / pepifilter][Running/Manual Start]


[PfModNT / PfModNT][Running/Auto Start]

  \??\C:\WINDOWS\system32\drivers\PfModNT.sys

[QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[PxHelp20 / PxHelp20][Running/Boot Start]

  \SystemRoot\System32\Drivers\PxHelp20.sys

[Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet / rtl8139][Running/Manual Start]


[Secdrv / Secdrv][Stopped/Manual Start]


[Filtr magistrali AGP SIS / sisagp][Running/Boot Start]

  \SystemRoot\system32\DRIVERS\sisagp.sys

[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]

  \SystemRoot\System32\Drivers\vulfnth.sys

[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]

  \SystemRoot\System32\Drivers\vulfntr.sys

[Winbg82 / Winbg82][Stopped/Boot Start]

  \SystemRoot\System32\Drivers\Winbg82.sys

[Winfk82 / Winfk82][Stopped/Boot Start]

  \SystemRoot\System32\Drivers\Winfk82.sys


==================================

Browser Add-ons

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Java Plug-in 1.6.0_07]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} %windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[Java Plug-in 1.6.0_07]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[SignActivX Control]

  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_07]

  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_07]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {00011268-E188-40DF-A514-835FCD78B1BF} , 

[]

  {0026439F-A980-4F18-8C95-4F1CBBF9C1D8} , 

[IDMIEHlprObj Class]

  {0055C089-8582-441B-A0BF-17B458C2A3A8} 

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} , 

[Windows Media Player]

  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} 

[]

  {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} , 

[XSL Template]

  {2933BF94-7B36-11D2-B20E-00C04F983E60} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[]

  {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} , 

[XML Document]

  {48123BC4-99D9-11D1-A6B3-00C04FD91555} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[Megaupload Toolbar]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} 

[]

  {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} , 

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} 

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} 

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} %SystemRoot%\system32\SHELL32.dll, (Signed) N/A

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} 

[SignActivX Control]

  {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} 

[RDS.DataSpace]

  {BD96C556-65A3-11D0-983A-00C04FC29E36} 

[fdkowvbp]

  {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} 

[]

  {D187A56B-A33F-4CBE-9D77-459FC0BAE012} , 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} , 

[WebViewFolderIcon Class]

  {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} 

[]

  {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} , 

[XML HTTP Request]

  {ED8C108E-4349-11D2-91A4-00C04F7969E8} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[Free Threaded XML DOM Document]

  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[XML HTTP]

  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} , 


==================================

Running Processes

[PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

    [C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [ATI Technologies, Inc., 6, 14, 10, 2500]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

    [C] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID][C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [Microsoft Corporation, 7.10.3077.0]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [ALWIL Software, 4, 8, 1227, 0]

[PID][C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [Microsoft Corporation, 7.10.3077.0]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1201, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

    [C] [ALWIL Software, 4, 8, 1227, 0]

[PID][C] [ATI Technologies Inc., 6.14.10.4132]

    [C] [ATI Technologies, Inc., 6, 14, 10, 2500]

[PID][C] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]

    [C] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

    [C] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]

    [C] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Adobe Systems Incorporated, 8.0.0.2006102200]

    [C] [Adobe Systems, Inc., 8.0.0.0]

    [C] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]

[Module and process list: the file-name column was lost in extraction; only the drive column ([C]/[D], with [PID] marking a process entry rather than a loaded module) and the vendor/version column survive. Vendors and versions present: Microsoft Corporation (2.0.50727.1433 .NET runtime; 5.1.2600.2180, 5.1.2600.2696 and 5.1.2600.0 XP components; 7.00.6000.16674 IE 7; 7.10.3077.0 and 7.10.3052.4 MSVC runtime; 6.0.5441.0; 7.0.6000.381; 5.2.3790.1230; 7.00.00.1954; 1.0.2536.0), ALWIL Software (avast 4.8.1227, 4.8.1201, 4.8.1229), Logitech Inc. (8.4.1.1092, 8.4.6.1012), LEAD Technologies, Inc. (12.1.0.058, 12.1.0.020), CANON INC. (2.10.2.10), Creative Technology Ltd (1.0.1.0), Nullsoft (5.5.0.1640, 7.10.0000), Opera Software (10063), Sun Microsystems, Inc. (6.0.70.6), BackWeb (6.1.4 Build 68R), Codejock Software (1.9.4.0), Smallfrogs Studio (2.6.12.1018, 2.1.0.15, i.e. SREng itself), plus a large number of entries with no version information (N/A) on both drives.]


==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

127.0.0.1 localhost


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1892, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1956, D:\ODTWARZACZE\WINAMP 5.5\WINAMPA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\OPERA\OPERA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3380, D:\ODTWARZACZE\WINAMP 5.5\WINAMP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1884, C:\DOCUMENTS AND SETTINGS\BRZEZOO\PULPIT\SRENG2\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================
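The two SREng sections that carry a verdict, File Associations and Process Privileges Scan, can be checked mechanically. The following is an added example, not part of the posted log, of any reply in the thread, or of SREng itself: it parses the sections in the layout shown above and flags any association handler that differs from the XP defaults the log lists as OK, and any process outside the Windows directory that holds SeLoadDriverPrivilege enabled (the privilege that allows loading a kernel driver). The embedded excerpt is constructed from the posted sections; the .SCR line and the path C:\WINDOWS\example_hijack.exe are invented so that a hit is visible.

```python
"""Triage helper for System Repair Engineer (SREng) text logs.

Added example: not part of the forum post and not SREng's own code. It
reads the 'File Associations' and 'Process Privileges Scan' sections and
reports entries that deviate from the XP defaults the same log marks OK.
"""
import re
from typing import Dict, List, Tuple

# Default shell commands copied from the 'OK' lines of the posted log;
# compared case-insensitively (the log mixes 'system32' and 'System32').
XP_DEFAULT_ASSOC: Dict[str, str] = {
    ".TXT": r"%SystemRoot%\system32\NOTEPAD.EXE %1", ".REG": r'regedit.exe "%1"',
    ".EXE": r'"%1" %*', ".COM": r'"%1" %*', ".PIF": r'"%1" %*', ".BAT": r'"%1" %*',
    ".SCR": r'"%1" /S', ".CHM": r'"C:\WINDOWS\hh.exe" %1',
    ".HLP": r"%SystemRoot%\System32\winhlp32.exe %1",
    ".INI": r"%SystemRoot%\System32\NOTEPAD.EXE %1", ".INF": r"%SystemRoot%\System32\NOTEPAD.EXE %1",
    ".VBS": r'%SystemRoot%\System32\WScript.exe "%1" %*', ".JS": r'%SystemRoot%\System32\WScript.exe "%1" %*',
    ".LNK": "{00021401-0000-0000-C000-000000000046}",
}

SEPARATOR = re.compile(r"^=+$")
ASSOC_LINE = re.compile(r"^(\.[A-Z0-9]+)\s+(\S+)\s+\[(.*)\]$")
PRIV_LINE = re.compile(r"^Special Privileges Enabled:\s*(\w+)\s*\[PID = (\d+),\s*(.+)\]$")


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Map section title -> entry lines. A run of '=' starts a section;
    the first non-empty line after it is the title."""
    sections: Dict[str, List[str]] = {}
    title = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR.match(line):
            title = None
        elif title is None:
            title = line
            sections.setdefault(title, [])
        else:
            sections[title].append(line)
    return sections


def check_associations(entries: List[str]) -> List[Tuple[str, str]]:
    """(extension, command) for every handler that is not the XP default.
    A replaced .EXE or .SCR handler runs attacker-chosen code each time
    the user starts a program or the screen saver kicks in."""
    hits = []
    for entry in entries:
        m = ASSOC_LINE.match(entry)
        if not m:
            continue
        ext, status, command = m.groups()
        expected = XP_DEFAULT_ASSOC.get(ext)
        if status != "OK." or (expected and command.lower() != expected.lower()):
            hits.append((ext, command))
    return hits


def check_privileges(entries: List[str],
                     trusted_prefix: str = "c:\\windows\\") -> List[Tuple[int, str]]:
    """(pid, path) for processes outside the Windows directory that hold
    SeLoadDriverPrivilege enabled. The privilege allows loading a kernel
    driver, so a browser or media player holding it turns any code
    execution bug in that program into kernel code execution. First-pass
    filter only: a malicious file inside the Windows directory passes."""
    hits = []
    for entry in entries:
        m = PRIV_LINE.match(entry)
        if not m:
            continue
        privilege, pid, path = m.groups()
        if privilege == "SeLoadDriverPrivilege" and not path.lower().startswith(trusted_prefix):
            hits.append((int(pid), path))
    return hits


def triage(log_text: str) -> Dict[str, list]:
    sections = split_sections(log_text)
    return {
        "associations": check_associations(sections.get("File Associations", [])),
        "privileges": check_privileges(sections.get("Process Privileges Scan", [])),
    }


# Constructed excerpt in the posted log's layout. The .SCR line and the
# path C:\WINDOWS\example_hijack.exe are invented to show a hit; the
# remaining lines are copied from the posted log.
SAMPLE_LOG = r"""
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.SCR OK. ["C:\WINDOWS\example_hijack.exe" "%1" /S]
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1892, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\OPERA\OPERA.EXE]
==================================
"""
```

Running `triage(SAMPLE_LOG)` reports the altered .SCR handler and the Opera process; LVCOMSX.EXE is not reported only because it lives under C:\WINDOWS, which is why the privilege check is a first pass and not a verdict.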

fix in HijackThis

Download ComboFix, but do not run it.

Open Notepad and paste into it:

Folder::

C:\WINDOWS\privacy_danger

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->

[image: 02f8f1e3c410a4cc.gif]

The removal will start and a log will be created, which you post on the forum.

Put the logs on http://wklejto.pl or http://wklej.org and give only the link in your post.

Link to the ComboFix log

http://wklejto.pl/6740

Download ComboFix, but do not run it.

Open Notepad and paste into it:

File::

C:\WINDOWS\~GLC0000.TMP


Driver::

Winbg82

Winfk82


Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbg82.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk82.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winko50.sys]

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->

[image: 02f8f1e3c410a4cc.gif]

The removal will start and a log will be created, which you post on the forum.

Put the logs on http://wklejto.pl or http://wklej.org and give only the link in your post.

Link to the ComboFix log

http://wklejto.pl/6745

The log looks clean.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the computer with CCleaner.

Optimize the startup entries.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

or

Dr.WEB CureIt!

Thank you very much for the help, I am in the middle of carrying out the instructions above.

Sorry, something else turned up:

Download ComboFix, but do not run it.

Open Notepad and paste into it:

File::

C:\WINDOWS\system32\opnkliGa.dll

C:\WINDOWS\grswptdl.exe

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->

[image: 02f8f1e3c410a4cc.gif]

The removal will start and a log will be created, which you post on the forum.

Put the logs on http://wklejto.pl or http://wklej.org and give only the link in your post.
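All three CFScripts in this thread follow the same layout: a directive header ending in `::` (Folder::, File::, Driver::, Registry::) followed by one target per line, with `[-KEY]` under Registry:: meaning "delete this key", as in .reg file syntax. Since a ComboFix run leaves open whether every target is really gone, here is an added example, not part of the thread and not ComboFix's own code, that parses such a script and reports which targets survive against a snapshot of what is still on the machine. It also checks, for each Driver:: name, whether its registration under the Services key survived, because a leftover service key is still an autostart entry. The snapshot below is constructed; filling it from a live system (os.path.exists, the service list, winreg) is an assumption left to the reader, and only the four directives and the `[-KEY]` form are handled.

```python
"""Post-removal check for the targets of a ComboFix CFScript.

Added example: not part of the forum post and not ComboFix's own code.
Handles the Folder::, File::, Driver:: and Registry:: directives used in
the thread; under Registry:: only the '[-KEY]' delete form is understood.
Runs against plain-set snapshots rather than a live system, so it works
offline; building the snapshot on the cleaned machine is left to the reader.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [targets]} in script order. A line ending in '::'
    opens a directive block; every non-empty line until the next header is
    a target of that block."""
    targets: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            targets.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"target before any directive header: {line!r}")
        if current == "Registry":
            # '[-HKEY...]' deletes the key; keep just the key path.
            if not (line.startswith("[-") and line.endswith("]")):
                raise ValueError(f"only '[-KEY]' deletions are handled: {line!r}")
            line = line[2:-1]
        targets[current].append(line)
    return targets


@dataclass
class Snapshot:
    """What still exists on the machine after ComboFix ran."""
    paths: Set[str] = field(default_factory=set)      # files and folders
    services: Set[str] = field(default_factory=set)   # service/driver names
    reg_keys: Set[str] = field(default_factory=set)   # full registry key paths


def verify_removed(script_text: str, snap: Snapshot) -> List[Tuple[str, str]]:
    """List (directive, target) pairs that survived the run. Each Driver::
    name is additionally checked for its service key, since a leftover
    service registration still points the boot-time loader at the driver."""
    paths = {p.lower() for p in snap.paths}
    services = {s.lower() for s in snap.services}
    keys = {k.lower() for k in snap.reg_keys}
    survivors: List[Tuple[str, str]] = []
    for directive, items in parse_cfscript(script_text).items():
        for target in items:
            if directive in ("Folder", "File"):
                if target.lower() in paths:
                    survivors.append((directive, target))
            elif directive == "Driver":
                if target.lower() in services:
                    survivors.append((directive, target))
                service_key = f"{SERVICES_KEY}\\{target}"
                if service_key.lower() in keys:
                    survivors.append(("Registry", service_key))
            elif directive == "Registry":
                if target.lower() in keys:
                    survivors.append((directive, target))
    return survivors


# The second script posted in the thread, verbatim.
CFSCRIPT = r"""
File::
C:\WINDOWS\~GLC0000.TMP

Driver::
Winbg82
Winfk82

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbg82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winko50.sys]
"""

# Constructed snapshot: everything was removed except the Winbg82 service
# and its registration, to show what a partial clean-up looks like.
AFTER_RUN = Snapshot(
    paths={r"C:\WINDOWS\system32\NOTEPAD.EXE"},
    services={"Winbg82", "Spooler"},
    reg_keys={SERVICES_KEY + r"\Winbg82", SERVICES_KEY + r"\Spooler"},
)

if __name__ == "__main__":
    for directive, target in verify_removed(CFSCRIPT, AFTER_RUN):
        print(f"still present: {directive}:: {target}")
```

The SafeBoot\Minimal keys the script deletes are worth the extra lines: a driver listed there is loaded even in Safe Mode, so deleting only the .sys file would leave a boot-time reference behind. Against the constructed snapshot the check reports the Winbg82 service and its Services key as survivors and nothing else.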

Log after ComboFix

http://wklejto.pl/6751

The log looks clean.

Delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner (run it under IE) and post the report on the forum.

or Dr.WEB CureIt!

Thanks

Now I'm starting the Kaspersky scan.

After the scan

Open Notepad and paste:

Save as plik.reg >> All Files >> merge into the registry >> restart

[image: b57f17008275c957m.jpg]

A file with this icon will be created:

[image: 062aec4c9b51c033m.jpg]

Double-click it, confirm that you want to add it to the registry, then restart.

Run System Repair Engineer, System Repair tab, Browser Add-ons, find and remove

Besides that, there is no certainty that one file was removed, you did not post the log.

Download and run The Avenger. Select the text given on the forum for removal,

copy it, click Paste Script from Clipboard, then Execute. Confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

:)

Avenger post

http://wklejto.pl/6761

Kaspersky post

http://wklejto.pl/6758

System Repair Engineer post

http://wklejto.pl/6760