Mimet
(Pretty Bunny)
23 March 2008 21:07
#1
Hello
I'm new here and not very familiar with computer security, so I'm asking for help. As the subject says, I have a big problem with the BitDefender program (it can't be uninstalled, and nothing else can be done with it), the computer runs slowly (veeeery slowly), all of its performance is eaten up, and there are other things I can't even list.
I'm posting the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 21:58:52, on 2008-03-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RYKACZ~1\USTAWI~1\Temp\Rar$EX02.594\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ping 64 dale 01] C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 - HKCU\..\Run: [Acid Five] C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite\Ares.exe" -h
O4 - HKCU\..\Run: [filecroc] "C:\Program Files\FileCroc\FileCroc.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126653227125
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Mimet
(Pretty Bunny)
23 March 2008 21:59
#3
Done:
new log:
Logfile of HijackThis v1.99.1
Scan saved at 22:57:42, on 2008-03-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RYKACZ~1\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ping 64 dale 01] C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 - HKCU\..\Run: [Acid Five] C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite\Ares.exe" -h
O4 - HKCU\..\Run: [filecroc] "C:\Program Files\FileCroc\FileCroc.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126653227125
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\AvMon.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Is there anything else I need to do?
I still can't delete the components of the BitDefender program; a message appears: access denied, the source file may be in use. I didn't uninstall the program because it wasn't possible; I partially removed whatever could be removed. The processes can't be stopped in Task Manager.
sonnor
(Sonnor)
23 March 2008 22:14
#4
in safe mode delete all the "bitdefender" components … including the registry entries … bitdefender … in my opinion it's one of the better AV programs … but it's your decision …
dawidek11
(Dawidex11)
23 March 2008 22:40
#5
If you have BitDefender version 9 and know English, here is a link on how to uninstall it: http://www.bitdefender.com/KB278-world–Additional-BitDefender-9-Professional-uninstall-methods.html
Why are you using 2 antiviruses? That may be the reason the system is so slow!
Do you know this?
Fix the entries below in HijackThis, i.e. tick the entries and click Fix Checked …
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Paste into Notepad:
>>File>>Save as… >>> CFScript.txt
Drag and drop the CFScript.txt file onto ComboFix.exe (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
Removal will take place; afterwards ComboFix will generate a log, which you should paste at wklej.org, giving only the link in your post.
Mimet
(Pretty Bunny)
23 March 2008 23:30
#6
unfortunately, no luck. when dragging CFScript onto combofix a message pops up: "Nie można zaimportować import: błąd przy otwieraniu pliku. Mogła nastąpić awaria systemowa dysku albo pliku."
dawidek11
(Dawidex11)
23 March 2008 23:59
#7
Delete the file alt.exe in C:\WINNT\ and the folder AskSBar in C:\Program Files\ from the disk in safe mode with System Restore turned off. Regards
Mimet
(Pretty Bunny)
24 March 2008 11:28
#8
I couldn't find WINNT/alt.exe; AskSbar has been removed. When moving CFScript onto combofix the message still appears: "Nie można zaimportować import: błąd przy otwieraniu pliku. Mogła nastąpić awaria systemowa dysku albo pliku."
Any suggestions?
dawidek11
(Dawidex11)
24 March 2008 13:00
#9
Download -->Avenger: http://swandog46.geekstogo.com/avenger2/avenger.exe
Paste this into it:
Click Execute and confirm the computer restart.
Then show the Avenger log; it is located at C:\avenger.txt.
Mimet
(Pretty Bunny)
24 March 2008 14:25
#10
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows 2000
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINNT\alt.exe" not found!
Deletion of file "C:\WINNT\alt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
hehe, probably a one-of-a-kind case.
jessica
(jessica)
24 March 2008 14:59
#11
Avenger didn't remove anything, because there was nothing there.
I can see in the HijackThis log that you have a "LOP" infection, so:
Post a log from -->DSS. (lower down on the linked page)
Paste the log at http://wklej.org/ and give only the link in your post (i.e. copy the address from the address bar).
jessi
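The autostart entries jessica is pointing at can be picked out mechanically rather than by eye. The Python script below is an added example; it is not something posted in this thread and not part of HijackThis or DSS. It parses the O4 (Run-key autostart) lines in the layout of the HijackThis 1.99 log above and flags an entry when its executable is launched from a user-data or temp directory, sits directly in the drive root or the Windows directory, or has a file name containing a space. The sample lines are copied from the log in this thread; the three heuristics are my own assumptions about what makes such an entry stand out (Lop-family adware is known for autostarts with random-word names under Application Data), not the exact rule jessica applied.

```python
import re

# Constructed sample: O4 autostart lines copied in the shape of the HijackThis 1.99 log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ping 64 dale 01] C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O4 - HKCU\..\Run: [Acid Five] C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"  (Global Startup .lnk lines use another form)
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# First executable on the command line, quoted or not (stops at the first ".exe").
EXE_PATH = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)
# Per-user data and temp directories (long and 8.3 forms, Polish and English names,
# as they appear in this thread's log). Heuristic choice of mine, not a HijackThis rule.
USER_DATA_DIRS = re.compile(
    r'\\(dane aplikacji|application data|daneap~1|local settings|ustawi~1|temp)\\',
    re.IGNORECASE,
)


def parse_o4(line):
    """Split one Run-key O4 line into (hive, value name, executable path), or None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    pm = EXE_PATH.match(m['cmd'])
    if not pm:
        return None
    return m['hive'], m['name'], pm['path']


def in_root_or_windir(path):
    """True for C:\\foo.exe or C:\\WINNT\\foo.exe; bare names (resolved via PATH) are not judged."""
    parts = path.split('\\')
    if len(parts) < 2 or not parts[0].endswith(':'):
        return False
    return len(parts) == 2 or (len(parts) == 3 and parts[1].upper() in ('WINNT', 'WINDOWS'))


def triage_o4(log_text):
    """Map 'hive:value name' to the list of reasons an autostart looks out of place."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, path = parsed
        reasons = []
        if USER_DATA_DIRS.search(path):
            reasons.append('executable launched from a user-data or temp directory')
        if in_root_or_windir(path):
            reasons.append('executable sits directly in the drive root or Windows directory')
        if ' ' in path.rsplit('\\', 1)[-1]:
            reasons.append('executable file name contains a space')
        if reasons:
            findings[f'{hive}:{name}'] = reasons
    return findings


if __name__ == '__main__':
    for entry, reasons in triage_o4(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print('   -', r)
```

Run as-is it reports the ping 64 dale 01, Acid Five, AlexaToolbar and VS Online entries and stays quiet about the vendor autostarts under Program Files and system32. A hit is a lead to look into (check the file's publisher, creation date and what it connects to), not proof of infection; legitimate installers occasionally drop executables in odd places too.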
Mimet
(Pretty Bunny)
24 March 2008 15:23
#12
Done (wklej.org is temporarily down)
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
[color=red]Total Physical Memory: 128 MiB (256 MiB recommended).[/color]
[color=red]System Drive C: has 0.88 GiB (less than 15%) free.[/color]
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-24 16:15:56
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSVCCDA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\WINNT\system32\wbem\winmgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Rykaczewska\Pulpit\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ping 64 dale 01] C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 - HKCU\..\Run: [Acid Five] C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite\Ares.exe" -h
O4 - HKCU\..\Run: [filecroc] "C:\Program Files\FileCroc\FileCroc.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126653227125
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\AvMon.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSVCCDA.EXE
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 10893 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\winnt\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\winnt\system32\drivers\prosync1.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\winnt\system32\drivers\sfhlp01.sys
R1 AFS2K - c:\winnt\system32\drivers\afs2k.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\winnt\system32\drivers\prodrv06.sys
S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 arcaen (ArcaVir Monitor Kernel Engine Driver) - c:\program files\arcabit\arcavir\arcaen.sys (file missing)
S3 arcaev (ArcaVir Monitor Kernel Events Driver) - c:\program files\arcabit\arcavir\arcaev.sys (file missing)
S3 arcafd (ArcaVir Monitor Kernel Filter Driver) - c:\program files\arcabit\arcavir\arcafd.sys (file missing)
S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 ArcaVirMonitor (ArcaVir Antivirus Monitor Service) - c:\program files\arcabit\arcavir\avmon.exe (file missing)
S2 bdss (BitDefender Scan Server) - "c:\program files\common files\softwin\bitdefender scan server\bdss.exe" /service (file missing)
S2 LIVESRV (BitDefender Desktop Update Service) - "c:\program files\common files\softwin\bitdefender update service\livesrv.exe" /service (file missing)
S2 VSSERV (BitDefender Virus Shield) - "c:\program files\softwin\bitdefender10\vsserv.exe" /service (file missing)
S2 XCOMM (BitDefender Communicator) - "c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe" /service (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-24 16:00:03 278 --ah----- C:\WINNT\Tasks\A5E030A4918BAB4C.job
-- Files created between 2008-02-24 and 2008-03-24 -----------------------------
2008-03-24 15:12:51 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c8.dat
2008-03-24 00:24:35 68096 --a------ C:\WINNT\system32\zip.exe
2008-03-24 00:24:35 98816 --a------ C:\WINNT\system32\sed.exe
2008-03-24 00:24:35 80412 --a------ C:\WINNT\system32\grep.exe
2008-03-24 00:24:35 73728 --a------ C:\WINNT\system32\fdsv.exe
2008-03-23 13:33:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6ac.dat
2008-03-22 19:06:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_674.dat
2008-03-22 18:56:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1c8.dat
2008-03-22 14:19:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37008.dat
2008-03-22 12:37:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_518.dat
2008-03-22 12:11:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_520.dat
2008-03-21 20:33:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_460.dat
2008-03-19 15:43:22 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_370.dat
2008-03-18 12:35:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_668.dat
2008-03-17 22:28:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_145a4.dat
2008-03-16 12:50:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4d0.dat
2008-03-16 11:26:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-03-16 11:11:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2dc.dat
2008-03-16 01:01:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_360.dat
2008-03-15 12:35:59 81984 --a------ C:\WINNT\system32\bdod.bin
2008-03-15 12:08:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_350.dat
2008-03-12 21:00:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_23c4c.dat
2008-03-12 17:59:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_348.dat
2008-03-12 15:46:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5e8.dat
2008-03-08 18:26:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_638.dat
2008-03-04 18:46:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c0.dat
2008-03-03 10:39:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2bc.dat
2008-03-02 17:24:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_730.dat
2008-03-02 13:47:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_364.dat
2008-03-02 12:26:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_14c.dat
2008-02-29 21:07:00 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d0.dat
-- Find3M Report ---------------------------------------------------------------
2008-03-23 23:50:25 0 d-a------ C:\Program Files\Common Files
2008-03-18 14:03:10 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\Tlen.pl
2008-03-17 15:54:13 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-03-17 15:53:52 737280 --a------ C:\WINNT\iun6002.exe
2008-03-16 14:46:47 0 d-------- C:\Program Files\NAPI-PROJEKT
2008-03-15 22:33:52 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\Bitdefender
2008-03-14 23:22:50 0 d-------- C:\Program Files\Spik
2008-03-14 22:10:19 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\Spik
2008-03-04 02:08:33 0 d-------- C:\Program Files\eMule
2008-03-02 19:15:22 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\FrostWire
2008-02-16 16:25:00 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_548.dat
2008-02-11 15:03:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_58c.dat
2008-02-10 23:33:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5e4.dat
2008-02-10 23:28:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_654.dat
2008-02-10 23:20:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_93f8.dat
2008-02-10 19:16:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_560.dat
2008-02-08 21:25:56 0 d-------- C:\Program Files\Ares
2008-02-05 19:51:52 1744 --a------ C:\WINNT\system32\d3d9caps.dat
2008-02-03 23:43:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3650.dat
2008-01-31 14:47:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6e4.dat
2008-01-18 11:15:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ac.dat
2008-01-14 20:01:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a8.dat
2008-01-13 20:38:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2b5bc.dat
2008-01-10 19:53:43 3061 --a------ C:\WINNT\mozver.dat
2008-01-10 16:07:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2b4.dat
2007-12-31 17:38:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat
2007-12-29 15:37:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_13c8.dat
2007-12-28 20:18:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat
2007-12-28 18:48:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_684.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL []
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-10-12 18:44]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [05-03-04 14:20]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" [05-12-28 10:09]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06-06-26 09:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [06-06-26 10:34]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [06-06-26 10:33]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-10-29 16:50]
"nwiz"="nwiz.exe" [04-10-29 16:50 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-10-29 16:50]
"ping 64 dale 01"="C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03-03-11 09:08]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [02-12-17 11:40]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02-12-02 20:56]
"Spik"="C:\Program Files\Spik\Spik.exe" [08-02-20 16:11]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" []
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-03-21 02:00 C:\WINNT\system32\internat.exe]
"AVKBar"="C:\Program Files\AntiVirenKit\AVKBar.exe" []
"Acid Five"="C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe" []
"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
"ares lite"="C:\Program Files\Ares Lite\Ares.exe" []
"filecroc"="C:\Program Files\FileCroc\FileCroc.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-27 22:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-05-27 12:40]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"VS Online"="C:\VSOnline.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 22:43:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-10-12 18:14:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
60 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-24 16:17:57 ------------
jessica
(jessica)
24 March 2008 16:05
#13
Paste into Notepad:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearShare"=-
"ping 64 dale 01"=-
"BDMCon"=-
"BDAgent"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVKBar"=-
"Acid Five"=-
"areslite"=-
"ares lite"=-
"filecroc"=-
"MsnMsgr"=-
"BitTorrent"=-
"VS Online"=-
From the Notepad menu >>> File >>> Save As >>> set the file type to: “All Files” >>> save as FIX.REG >>> run the file (double-click and OK, agree to add it to the Registry). Then: >Avenger> paste this text into it:
Files to delete:
C:\WINNT\Tasks\A5E030A4918BAB4C.job
C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe
C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
Folders to delete:
C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1
C:\Documents and Settings\All Users\Dane aplikacji\modeballping64
C:\Documents and Settings\Rykaczewska\Dane aplikacji\Bitdefender
C:\Program Files\Softwin\BitDefender10
C:\Program Files\Softwin
Drivers to unload:
bdpredir
BDRSDRV
arcaen
arcaev
arcafd
ATE_PROCMON
bdfdl
BDFSDRV
SABProcEnum
ArcaVirMonitor
bdss
LIVESRV
VSSERV
XCOMM
Click Execute and confirm the computer restart.
Restart the computer. The Avenger log is located at C:\avenger.txt .
Then:
>>C:\WINDOWS\system32\drivers\etc\HOSTS>>open in Notepad>>delete all entries containing “## added by CiD”
Then:
>>Control Panel>>Scheduled Tasks>>delete the task “A5E030A4918BAB4C” (if Avenger has not already removed it).
Then delete DSS and download it again (to avoid fiddling with manual configuration) and post its log (+ the Avenger report).
jessi
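Added example, not code from this thread or from HijackThis, DSS or Avenger: a Python script that parses the O4 (autostart) lines of a HijackThis-style log, diffs the before and after logs to confirm what FIX.REG and the Avenger script actually removed, and flags the entries a helper would look at first. The function names and the review heuristics are this example's own; the sample logs are a constructed subset of the O4 lines posted in this thread.

```python
"""Compare HijackThis-style O4 autostart entries before and after a cleanup.

Added example for this thread, not code from the forum or from the tools it
mentions. Sample logs are a constructed subset of the thread's O4 lines.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Registry autostarts:  O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Startup-folder shortcuts:  O4 - Global Startup: NkbMonitor.exe.lnk = ?
O4_STARTUP = re.compile(r"^O4 - (?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Review heuristics (this example's own): executables launched from a user
# profile or application-data folder (Polish Windows calls it "Dane aplikacji"),
# from the drive root, or shortcuts whose target HijackThis printed as "?".
PROFILE_PATH = re.compile(
    r"(?i)\\(Documents and Settings|DOCUME~1|Dane aplikacji|DANEAP~1|Application Data|Temp)\\"
)
DRIVE_ROOT_EXE = re.compile(r'(?i)^"?[A-Z]:\\[^\\]+\.exe"?(\s|$)')


class Entry(NamedTuple):
    location: str  # "HKLM\\..\\Run", "HKUS\\.DEFAULT\\..\\RunOnce", "Global Startup", ...
    name: str      # registry value name or .lnk file name
    command: str   # command line / target exactly as the log printed it


def parse_o4(log: str) -> List[Entry]:
    """Extract every O4 line of a HijackThis / DSS log as an Entry."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_REG.match(line)
        if m:
            entries.append(Entry(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(Entry(m["folder"], m["name"], m["cmd"]))
    return entries


def diff_autostarts(before: str, after: str) -> Dict[str, List[Entry]]:
    """Report which autostarts a fix removed, which appeared, and which persist."""
    b = {(e.location, e.name): e for e in parse_o4(before)}
    a = {(e.location, e.name): e for e in parse_o4(after)}
    return {
        "removed": [b[k] for k in b if k not in a],
        "added": [a[k] for k in a if k not in b],
        "remaining": [a[k] for k in a if k in b],
    }


def flag_for_review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for autostarts worth a second look."""
    flagged: List[Tuple[Entry, str]] = []
    for e in entries:
        cmd = e.command.strip()
        if cmd == "?":
            flagged.append((e, "shortcut target could not be resolved"))
        elif PROFILE_PATH.search(cmd):
            flagged.append((e, "runs from a user profile / application data path"))
        elif DRIVE_ROOT_EXE.match(cmd):
            flagged.append((e, "executable sits in the drive root"))
    return flagged


# Constructed sample: a subset of the O4 lines from the first DSS log ...
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Acid Five] C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = ?
"""
# ... and from the log posted after FIX.REG and the Avenger script had run.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = ?
"""

if __name__ == "__main__":
    report = diff_autostarts(BEFORE_LOG, AFTER_LOG)
    for bucket, items in report.items():
        print(f"{bucket} ({len(items)}):")
        for e in items:
            print(f"  {e.location}: [{e.name}] {e.command}")
    print("still worth checking after the fix:")
    for e, why in flag_for_review(parse_o4(AFTER_LOG)):
        print(f"  [{e.name}] {e.command}  <- {why}")
```

A "?" target like NkbMonitor.exe.lnk only means HijackThis could not resolve the shortcut; the DSS registry dump in this thread shows it points at Nikon PictureProject, so the flag is a prompt to check, not a verdict.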
Mimet
(Pretty Bunny)
24 March 2008 17:08
#14
I don't have that path (I'm using Windows 2000)
Mimet
(Pretty Bunny)
24 March 2008 17:25
#16
it worked after all:
avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows 2000
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINNT\Tasks\A5E030A4918BAB4C.job" deleted successfully.
Error: file "C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe" not found!
Deletion of file "C:\Documents and Settings\All Users\Dane aplikacji\modeballping64\Test 2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe" not found!
Deletion of file "C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1\hide show.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "C:\DOCUME~1\RYKACZ~1\DANEAP~1\MPEGLE~1" deleted successfully.
Folder "C:\Documents and Settings\All Users\Dane aplikacji\modeballping64" deleted successfully.
Folder "C:\Documents and Settings\Rykaczewska\Dane aplikacji\Bitdefender" deleted successfully.
Folder "C:\Program Files\Softwin\BitDefender10" deleted successfully.
Folder "C:\Program Files\Softwin" deleted successfully.
Driver "bdpredir" deleted successfully.
Driver "BDRSDRV" deleted successfully.
Driver "arcaen" deleted successfully.
Driver "arcaev" deleted successfully.
Driver "arcafd" deleted successfully.
Driver "ATE_PROCMON" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\bdfdl" not found!
Deletion of driver "bdfdl" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "BDFSDRV" deleted successfully.
Driver "SABProcEnum" deleted successfully.
Driver "ArcaVirMonitor" deleted successfully.
Driver "bdss" deleted successfully.
Driver "LIVESRV" deleted successfully.
Driver "VSSERV" deleted successfully.
Driver "XCOMM" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
dss:
Deckard's System Scanner v20071014.68
Run by Rykaczewska on 2008-03-24 18:45:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 97% (more than 75%).
Total Physical Memory: 128 MiB (256 MiB recommended).
System Drive C: has 0.67 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-24 18:46:28
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSVCCDA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\WINNT\system32\wbem\winmgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Rykaczewska\Pulpit\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126653227125
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSVCCDA.EXE
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
--
End of file - 9184 bytes
-- Files created between 2008-02-24 and 2008-03-24 -----------------------------
2008-03-24 17:57:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c4.dat
2008-03-24 00:24:35 68096 --a------ C:\WINNT\system32\zip.exe
2008-03-24 00:24:35 98816 --a------ C:\WINNT\system32\sed.exe
2008-03-24 00:24:35 80412 --a------ C:\WINNT\system32\grep.exe
2008-03-24 00:24:35 73728 --a------ C:\WINNT\system32\fdsv.exe
2008-03-23 13:33:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6ac.dat
2008-03-22 19:06:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_674.dat
2008-03-22 18:56:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1c8.dat
2008-03-22 14:19:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37008.dat
2008-03-22 12:37:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_518.dat
2008-03-22 12:11:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_520.dat
2008-03-21 20:33:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_460.dat
2008-03-19 15:43:22 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_370.dat
2008-03-18 12:35:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_668.dat
2008-03-17 22:28:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_145a4.dat
2008-03-16 12:50:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4d0.dat
2008-03-16 11:26:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-03-16 11:11:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2dc.dat
2008-03-16 01:01:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_360.dat
2008-03-15 12:35:59 81984 --a------ C:\WINNT\system32\bdod.bin
2008-03-15 12:08:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_350.dat
2008-03-12 21:00:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_23c4c.dat
2008-03-12 17:59:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_348.dat
2008-03-12 15:46:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5e8.dat
2008-03-08 18:26:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_638.dat
2008-03-04 18:46:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c0.dat
2008-03-03 10:39:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2bc.dat
2008-03-02 17:24:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_730.dat
2008-03-02 13:47:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_364.dat
2008-03-02 12:26:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_14c.dat
2008-02-29 21:07:00 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d0.dat
-- Find3M Report ---------------------------------------------------------------
2008-03-23 23:50:25 0 d-a------ C:\Program Files\Common Files
2008-03-18 14:03:10 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\Tlen.pl
2008-03-17 15:54:13 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-03-17 15:53:52 737280 --a------ C:\WINNT\iun6002.exe
2008-03-16 14:46:47 0 d-------- C:\Program Files\NAPI-PROJEKT
2008-03-14 23:22:50 0 d-------- C:\Program Files\Spik
2008-03-14 22:10:19 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\Spik
2008-03-04 02:08:33 0 d-------- C:\Program Files\eMule
2008-03-02 19:15:22 0 d-------- C:\Documents and Settings\Rykaczewska\Dane aplikacji\FrostWire
2008-02-16 16:25:00 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_548.dat
2008-02-11 15:03:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_58c.dat
2008-02-10 23:33:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5e4.dat
2008-02-10 23:28:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_654.dat
2008-02-10 23:20:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_93f8.dat
2008-02-10 19:16:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_560.dat
2008-02-08 21:25:56 0 d-------- C:\Program Files\Ares
2008-02-05 19:51:52 1744 --a------ C:\WINNT\system32\d3d9caps.dat
2008-02-03 23:43:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3650.dat
2008-01-31 14:47:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6e4.dat
2008-01-18 11:15:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ac.dat
2008-01-14 20:01:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a8.dat
2008-01-13 20:38:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2b5bc.dat
2008-01-10 19:53:43 3061 --a------ C:\WINNT\mozver.dat
2008-01-10 16:07:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2b4.dat
2007-12-31 17:38:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat
2007-12-29 15:37:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_13c8.dat
2007-12-28 20:18:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat
2007-12-28 18:48:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_684.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-10-12 18:44]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [05-03-04 14:20]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe" [05-12-28 10:09]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06-06-26 09:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [06-06-26 10:34]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [06-06-26 10:33]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-10-29 16:50]
"nwiz"="nwiz.exe" [04-10-29 16:50 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-10-29 16:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03-03-11 09:08]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [02-12-17 11:40]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [02-12-02 20:56]
"Spik"="C:\Program Files\Spik\Spik.exe" [08-02-20 16:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-03-21 02:00 C:\WINNT\system32\internat.exe]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07-02-27 22:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-05-27 12:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 22:43:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-10-12 18:14:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2008-03-24 18:48:02 ------------
jessica
(jessica)
24 March 2008 18:25
#17
Now I no longer see anything suspicious.
jessi
Mimet
(Pretty Bunny)
24 March 2008 18:36
#18
In that case, thank you very much for taking the time to help me :D Regards
Gutek
(Gutek)
25 March 2008 15:25
#19
Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350