Reklamy CiD

(Bartas154) #1

Witam mam problem z reklamami CiD. Bardzo prosze o pomoc. Oto logi z combo fixa i hijcakthis:

ComboFix 08-07-05.1 - Bartek 2008-07-07 9:56:12.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.591 [GMT 2:00]

Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Documents and Settings\Bartek\Dane aplikacji.#

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@580@3C4198.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@580@3C41C8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@580@3C41F8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@8E4@3C4198.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@8E4@3C41C8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@8E4@3C41F8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@C20@3C4198.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@C20@3C41C8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@C20@3C41F8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@CF4@3C4198.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@CF4@3C41C8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@CF4@3C41F8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@E14@3C4198.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@E14@3C41C8.###

C:\Documents and Settings\Bartek\Dane aplikacji.#\MBX@E14@3C41F8.###

C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\000ADD7E.bin

C:\Program Files\myglobalsearch\bar\Cache\000AEE28.bin

C:\Program Files\myglobalsearch\bar\Cache\000AF173.bin

C:\Program Files\myglobalsearch\bar\Cache\000DDFC2

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\Recycled\Recycled

C:\Recycled\Recycled\ctfmon.exe

.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))

.

2008-06-27 21:59 . 2008-06-27 21:59

2008-06-27 21:59 . 2008-06-27 21:59

2008-06-27 21:59 . 2008-06-27 21:59

2008-06-23 12:15 . 2008-06-23 12:15 22,328 --a------ C:\Documents and Settings\Bartek\Dane aplikacji\PnkBstrK.sys

2008-06-23 12:14 . 2008-06-23 12:14 319 --a------ C:\WINDOWS\game.ini

2008-06-20 21:05 . 2008-06-26 19:28

2008-06-20 21:05 . 2008-06-20 21:06 681 --a------ C:\WINDOWS\mozver.dat

2008-06-13 16:31 . 2008-06-13 16:31

2008-06-13 16:31 . 2008-06-13 16:31

2008-06-11 21:20 . 2008-07-07 09:56

2008-06-11 10:26 . 2008-06-14 20:01 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-11 10:02 . 2008-06-11 10:02

2008-06-11 10:02 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-06-11 09:58 . 2008-06-11 09:58

2008-06-11 09:57 . 2008-06-14 10:27

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 08:00 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Skype

2008-07-07 07:45 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\skypePM

2008-07-06 14:28 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-06 14:28 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-07-04 12:30 --------- d-----w C:\Program Files\neostrada tp

2008-07-04 12:29 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-04 12:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems

2008-06-24 14:34 --------- d-----w C:\Program Files\BearShare

2008-06-23 16:35 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 14:31 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-06-13 14:31 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-06-13 14:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-03 21:03 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu

2008-06-03 19:18 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Ulead Systems

2008-06-02 11:18 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Ulead Systems

2008-06-02 11:06 --------- d-----w C:\Program Files\BitComet

2008-06-02 10:53 --------- d-----w C:\Program Files\Windows Media Components

2008-06-02 10:53 --------- d-----w C:\Program Files\Common Files\InterVideo

2008-06-02 10:46 --------- d-----w C:\Program Files\Testy gimnazjalne 2006

2008-06-02 10:46 --------- d-----w C:\Program Files\Steam

2008-05-31 09:43 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Skype

2008-05-22 11:53 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Zylom Games

2008-05-22 11:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp13F.tmp

2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp13E.tmp

2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-11 17:23 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-04-06 13:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-22 14:06 167368]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-01 11:21 153136]

“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-05-15 18:12 484904]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-06 18:37 21898024]

“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2008-03-25 08:38 2196280]

“Gadu-Gadu”=“E:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-06-28 18:43 8466432]

“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-06-28 18:43 81920]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2008-03-05 18:57 155648]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-01-16 00:54 37376]

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-04-17 14:47 262401]

“Ante bags flap that”=“C:\Documents and Settings\All Users\Dane aplikacji\kind setup ante bags\Scr help.exe” [2008-07-07 10:00 2823168]

“nwiz”=“nwiz.exe” [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart\

PowerReg Scheduler V3.exe [2008-04-17 15:14:09 225280]

PowerReg Scheduler.exe [2008-04-17 15:08:24 256000]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Shareaza\Shareaza.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

“J:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“J:\Program Files\Codemasters\GRID Demo\GRID.exe”=

“C:\WINDOWS\system32\PnkBstrA.exe”=

“C:\WINDOWS\system32\PnkBstrB.exe”=

“E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”=

“E:\Program Files\BearShare\BearShare.exe”=

“E:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“23304:TCP”= 23304:TCP:BitComet 23304 TCP

“23304:UDP”= 23304:UDP:BitComet 23304 UDP

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []

S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3bd9d120-ead0-11dc-bfd8-845c6fef3968}]

\Shell\AutoRun\command - E:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{41a90132-0bb6-11dd-80db-0090d00c16af}]

\Shell\AutoRun\command - L:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

Contents of the ‘Scheduled Tasks’ folder

“2008-07-07 08:00:00 C:\WINDOWS\Tasks\A37EB43C91B53218.job”

  • c:\docume~1\szymon~1\daneap~1\greysc~1\Locks Mp3 Bird.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-07 10:00:04

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-07-07 10:02:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-07 08:02:18

Pre-Run: 1,056,751,616 bajtów wolnych

Post-Run: 1,670,897,664 bajt˘w wolnych

188 — E O F — 2008-06-22 09:01:37

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:03:48, on 2008-07-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\BitComet\BitComet.exe

E:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Bartek\Pulpit\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKLM…\Run: [Ante bags flap that] C:\Documents and Settings\All Users\Dane aplikacji\kind setup ante bags\Scr help.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKCU…\Run: [Gadu-Gadu] “E:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://J:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://J:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

End of file - 7247 bytes

(huber2t) #2

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\system32\msonpmon.dll


Folder::

C:\Recycled

C:\Documents and Settings\All Users\Dane aplikacji\kind setup ante bags


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bd9d120-ead0-11dc-bfd8-845c6fef3968}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41a90132-0bb6-11dd-80db-0090d00c16af}]

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link