zoomman
(zoomman)
8 October 2006 21:23
#1
Please help, and thank you.
Maybe these should be deleted, as far as I can tell:
C:\Program Files\Common Files{08505ADE-0965-1045-0911-021128020030}\Update.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
Logfile of HijackThis v1.99.1
Scan saved at 23:18:25, on 2006-10-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files{08505ADE-0965-1045-0911-021128020030}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Internet\Bezpieka\Spybot - Search & Destroy\TeaTimer.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
D:\Programy\Internet\Bezpieka\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\Program Files\Opera\Opera.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Internet\Bezpieka\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM…\Run: [Odkurzacz-MCD] D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [spywareTerminator] “D:\Programy\Internet\Bezpieka\Spyware Terminator\SpywareTerminatorShield.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Programy\Internet\Bezpieka\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Bieniol
(Bbieniol)
9 October 2006 11:54
#2
In Safe Mode, with System Restore turned off, remove the following (registry entries with HijackThis; files/folders marked in red manually from the disk):
Afterwards, post a new HijackThis log + a Silent Runners log
zoomman
(zoomman)
10 October 2006 12:42
#4
I managed to remove only one entry
C:\Program Files\Common Files{08505ADE-0965-1045-0911-021128020030}\Update.exe
nothing touched the rest!! On top of that, when I started the computer after all this (to describe it on the forum), the computer died, it shut down!
Post merged: 10.10.2006 (Tue) 18:27
OK, I have a new power supply and the computer is running. I did not manage to remove the junk!
Logfile of HijackThis v1.99.1
Scan saved at 18:12:35, on 2006-10-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Internet\Bezpieka\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM…\Run: [Odkurzacz-MCD] D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [spywareTerminator] “D:\Programy\Internet\Bezpieka\Spyware Terminator\SpywareTerminatorShield.exe”
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM…\RunOnce: [spybotSnD] “D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\SpybotSD.exe” /autocheck
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\TeaTimer.exe
O4 - HKCU…\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “SpybotSD TeaTimer” = “D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\TeaTimer.exe” [“Safer Networking Limited”] “DeluxeCommunications” = “C:\Program Files\DeluxeCommunications\Dxc.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “avast!” = “D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe” [null data] “WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”] “CTRegRun” = “C:\WINDOWS\CTRegRun.EXE” ["Creative Technology Ltd "] “Odkurzacz-MCD” = “D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe” [“FranmoSoft”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “SpywareTerminator” = ““D:\Programy\Internet\Bezpieka\Spyware Terminator\SpywareTerminatorShield.exe”” [“Crawler.com ”] “MSConfig” = “C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto” [MS] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “DeluxeCommunications” = “C:\Program Files\DeluxeCommunications\Dxc.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} “SpybotSnD” = ““D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\SpybotSD.exe” /autocheck” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell 
Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! Home Edition\ashShell.dll” [“ALWIL Software”] “{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Context Menu Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 DragDrop Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Context Menu Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Property Sheet Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” - 
{CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” - {CLSID}\InProcServer32(Default) = “D:\Programy\NOKIA\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “AppInit_DLLs” = “dxclib303562752.dll” [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! “BootExecute” = “autocheck autochk *” [file not found], [MS], [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! Home Edition\ashShell.dll” [“ALWIL Software”] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! 
Home Edition\ashShell.dll” [“ALWIL Software”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\zoomman\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! 
Mail Scanner, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe” /service” [“ALWIL Software”] Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 26 seconds, including 8 seconds for message boxes)
This doesn't look good to me. HELP
Post merged: 11.10.2006 (Wed) 23:11
Hmm… Zero replies, so I keep fighting on my own. As I wrote, strange things were happening; I installed several programs and checked whether they would detect anything, and after a few it happened, and that program was AVG Anti-Spyware
Logfile of HijackThis v1.99.1
Scan saved at 22:57:51, on 2006-10-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\avgas.exe
D:\Programy\Internet\Bezpieka\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\TeaTimer.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [Odkurzacz-MCD] D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe
O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [WinPatrol] D:\Programy\Internet\Bezpieka\WinPatrol\winpatrol.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Programy\Internet\Bezpieka\Spybot - Search Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\CTFMON.EXE” [MS] “Nowa wartość #1 ” = “” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “avast!” = “D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe” [null data] “WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”] “CTRegRun” = “C:\WINDOWS\CTRegRun.EXE” ["Creative Technology Ltd "] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “Odkurzacz-MCD” = “D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe” [“FranmoSoft”] “!AVG Anti-Spyware” = ““D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] “WinPatrol” = “D:\Programy\Internet\Bezpieka\WinPatrol\winpatrol.exe” [“BillP Studios”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS(Default) = “Dostosowywanie przeglądarki” \StubPath = “RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP” [MS] {881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] {2C7339CF-2B09-4501-B3F3-F3508C9228ED}(Default) = “Themes Setup” \StubPath = “C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll” [MS] {44BBA840-CC51-11CF-AAFA-00AA00B6015C}(Default) = “Microsoft Outlook Express 6” \StubPath = 
““C:\Program Files\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install” [MS] {5945c046-1e7d-11d1-bc44-00c04fd912be}(Default) = “Windows Messenger 4.7” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser” [MS] {6BF52A52-394A-11d3-B153-00C04F79FAA6}(Default) = “Microsoft Windows Media Player” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub” [MS] {7790769C-0471-11d2-AF11-00C04FA35D02}(Default) = “Książka adresowa 6” \StubPath = ““C:\Program Files\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install” [MS] {89820200-ECBD-11cf-8B85-00AA005B4340}(Default) = “Aktualizacja pulpitu Windows” \StubPath = “regsvr32.exe /s /n /i:U shell32.dll” [MS] {89820200-ECBD-11cf-8B85-00AA005B4383}(Default) = “Internet Explorer 6” \StubPath = “C:\WINDOWS\system32\ie4uinit.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! 
Home Edition\ashShell.dll” [“ALWIL Software”] “{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Context Menu Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 DragDrop Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Context Menu Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}” = “WinAce Archiver 2.6 Property Sheet Shell Extension” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” - {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” - {CLSID}\InProcServer32(Default) = “D:\Programy\NOKIA\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! 
“BootExecute” = “autocheck autochk *” [file not found], [MS], [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! Home Edition\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] ZFAdd(Default) = “{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\WinAce\arcext.dll” [“e-merge GmbH”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Internet\Bezpieka\avast! 
Home Edition\ashShell.dll” [“ALWIL Software”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” - {CLSID}\InProcServer32(Default) = “D:\Programy\Muzyka\JetAudio6\JetFlExt.dll” [“JetAudio, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “(Brak)” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “%SystemRoot%\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- avast! Antivirus, avast! Antivirus, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe”” [null data] avast! 
Mail Scanner, avast! Mail Scanner, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”] HTTP SSL, HTTPFilter, “C:\WINDOWS\System32\svchost.exe -k HTTPFilter” {“C:\WINDOWS\System32\w3ssl.dll” [MS]} Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\System32\wbem\wmiapsrv.exe” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”] Usługa administracyjna Menedżera dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”] Usługa dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]} Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\mspmsnsv.dll” [MS]} WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 24 seconds, including 4 seconds for message boxes)
Maybe this? I know it's Messenger, but those digits…
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
ganie
(Swiderskidaniel)
12 October 2006 21:54
#5
I have a cure for this virus
I'm removing the contact details; read the forum rules
Gutek
(Gutek)
12 October 2006 22:00
#6
Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the file you created and confirm >>> restart the computer
Delete the entry with HJT
ganie
(Swiderskidaniel)
12 October 2006 22:11
#7
It's me again; this is the name of the scanner: InstallPREVX102000216.exe
It will eliminate dxclib303562752.dll and the whole family
Post merged: 12.10.2006 (Thu) 23:20
http://info.prevx.com/downloadremove.as … mination=G
:o :o :o :o :o :o :o :o :o :o :o :o :o :o :o :o :o :o
zoomman
(zoomman)
14 October 2006 11:00
#8
OK, the R3 entry is deleted. Sorry for asking, but why should I add this to the registry? Don't get me wrong, I just want to know what it will do.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Bieniol
(Bbieniol)
14 October 2006 11:05
#9
Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

File -> Save As -> change the file type to All Files -> save it as FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer
Gutek
(Gutek)
15 October 2006 18:00
#10
Bieniol, there was a question
It will fix the entry; do as I wrote
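What FIX.REG writes, as an added example that is not part of any post in this thread: the hex(7) data is a REG_MULTI_SZ stored as UTF-16LE, and decoding it shows the file sets BootExecute to the stock Windows value "autocheck autochk *". The function names and the constructed extra entry are assumptions made for illustration.

```python
import re

# FIX.REG as posted in the thread, with the straight quotes regedit expects.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]  # stock Windows value


def parse_hex7_values(reg_text):
    """Return {(key, value_name): [strings]} for each hex(7) (REG_MULTI_SZ) value."""
    # A trailing backslash continues the hex list on the next line.
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)
    values, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)$', line)
        if m is None or key is None:
            continue
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        # REG_MULTI_SZ: UTF-16LE strings separated by NUL, closed by an empty string.
        text = raw.decode("utf-16-le")
        values[(key, m.group(1))] = [s for s in text.split("\x00") if s]
    return values


def to_hex7(strings):
    """Encode a list of strings as .reg hex(7) data (inverse of the decoder above)."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


def extra_boot_entries(reg_text):
    """BootExecute entries in reg_text that are not part of the stock value."""
    entries = parse_hex7_values(reg_text).get((SESSION_MANAGER, "BootExecute"), [])
    return [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]


if __name__ == "__main__":
    print(parse_hex7_values(FIX_REG))  # the value FIX.REG writes
    # Constructed sample: the stock entry plus a made-up extra boot program.
    sample = f'[{SESSION_MANAGER}]\n"BootExecute"=hex(7):' + to_hex7(
        DEFAULT_BOOT_EXECUTE + ["constructed_extra_entry"])
    print(extra_boot_entries(sample))
```

Running the same check against an export of the Session Manager key made before the fix lists any boot-time program that had been added next to autochk.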
zoomman
(zoomman)
16 October 2006 14:15
#11
OK, I think I'm clean now. Many thanks.
And a log, just in case.
Logfile of HijackThis v1.99.1
Scan saved at 16:11:39, on 2006-10-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\avgas.exe
D:\Programy\Internet\Bezpieka\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Internet\Bezpieka\Spybot - Search & Destroy\TeaTimer.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe
D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe
D:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Internet\Bezpieka\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] D:\Programy\Internet\Bezpieka\AVAST!~1\ashDisp.exe
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Odkurzacz-MCD] D:\Programy\Internet\Bezpieka\Odkurzacz 10.0 Pro\odk_mcd.exe
O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [WinPatrol] D:\Programy\Internet\Bezpieka\WinPatrol\winpatrol.exe
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Programy\Internet\Bezpieka\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Internet\Bezpieka\avast! Home Edition\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programy\Internet\Bezpieka\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Post merged: 16.10.2006 (Mon) 16:17
And what about this…
Bieniol
(Bbieniol)
16 October 2006 14:17
#12
The HijackThis log was already clean before. However, I see you have two antivirus programs (AVG and avast) - be sure to uninstall one of them.
EDIT:
Those are avast's services!
zoomman
(zoomman)
16 October 2006 14:25
#13
AVG is the Anti-Spyware. I know that's avast, but what about this: file missing, should I delete it?
Bieniol
(Bbieniol)
16 October 2006 14:31
#14
Sorry - my mistake :oops:
Don't delete anything :!: Everything is OK now