Cole
(Cole_)
4 July 2006 20:04
#1
Logfile of HijackThis v1.99.1
Scan saved at 15:18:22, on 2006-07-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/Program Files/AVPersonal/AVGNT.EXE
C:/Program Files/AntiVir PersonalEdition Classic/sched.exe
C:/Program Files/AntiVir PersonalEdition Classic/avguard.exe
C:/Program Files/Alwil Software/Avast4/aswUpdSv.exe
C:/Program Files/Alwil Software/Avast4/ashServ.exe
C:/WINDOWS/system32/nvsvc32.exe
C:/Program Files/Opera/Opera.exe
C:/Documents and Settings/Tato/Pulpit/HijackThis.exe
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 6.0 CE/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:/WINDOWS/system32/nzdd.dll
O4 - HKLM/…/Run: [KAVPersonal50] C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kav.exe /minimize
O4 - HKLM/…/Run: [siSSoundMan] C:/WINDOWS/system32/SoundMan.exe
O4 - HKLM/…/Run: [AVGCtrl] “C:/Program Files/AVPersonal/AVGNT.EXE” /min
O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/system32/NvCpl.dll,NvStartup
O4 - HKLM/…/Run: [wpkontakt] C:/Program Files/Wirtualna Polska/wpkontakt/wpkontakt.exe -autostart
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:/Program Files/IrfanView/Ebay/Ebay.htm
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: 2006reg - C:/Documents and Settings/All Users/Dokumenty/Settings/2006.dll
O20 - Winlogon Notify: 2014reg - C:/Documents and Settings/All Users/Dokumenty/Settings/2014.dll
O20 - Winlogon Notify: 20242402reg - C:/Documents and Settings/All Users/Dokumenty/Settings/20242402.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:/Documents and Settings/All Users/Dokumenty/Settings/3246762198745124975.dll (file missing)
O20 - Winlogon Notify: artm_newreg - C:/Documents and Settings/All Users/Dokumenty/Settings/artm_new.dll
O20 - Winlogon Notify: msctl32.dll - C:/WINDOWS/system32/msctl32.dll (file missing)
O20 - Winlogon Notify: SensSrv - C:/WINDOWS/
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:/WINDOWS/system32/2236_26.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:/Program Files/AntiVir PersonalEdition Classic/sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:/Program Files/AntiVir PersonalEdition Classic/avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:/Program Files/Alwil Software/Avast4/aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:/Program Files/Alwil Software/Avast4/ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:/Program Files/Alwil Software/Avast4/ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:/Program Files/Alwil Software/Avast4/ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:/Program Files/Common Files/InstallShield/Driver/1050/Intel 32/IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/system32/nvsvc32.exe
The MSIE start page keeps getting replaced with http://www.msn.com, and my provider won't let me onto the internet (it serves its own page informing me that I have a virus)… I thought I had removed the trojan that Avast detected, but the problem came back, hence this request. http://www.hijackthis.de/ said that only
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
is nasty, but there are also several unknown processes.
1. Boot into Safe Mode
2. Turn off System Restore (Me/XP only)
3. Delete the entries in HijackThis
4. Delete the files/folders in bold
5. Post a new HJT log + a Silent Runners log
Why do you need AVG and Avast? Uninstall one of them.
That automated analyzer misleads people and has an outdated database… I could list its flaws all day; I advise against using it.
Cole
(Cole_)
5 July 2006 12:27
#3
There's a problem with that, because 4 of those files (the ones sitting in C:/Documents and Settings/All Users/Dokumenty/Settings) refuse to be deleted by HJT…
I wasn't the one who installed them; it's not even my computer. But I'll pass it on.
I'm also posting the Silent Runners log:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"KAVPersonal50" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize" [file not found]
"SiSSoundMan" = "C:\WINDOWS\system32\SoundMan.exe" ["Avance Logic, Inc."]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"wpkontakt" = "C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Skladnik rozszerzenia powloki CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cslbm.exe" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! 2006reg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\2006.dll" [null data]
INFECTION WARNING! 2014reg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\2014.dll" [null data]
INFECTION WARNING! 20242402reg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\20242402.dll" [null data]
INFECTION WARNING! artm_newreg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tato\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\AVASTSS.scr" ["ALWIL Software"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {HKLM...CLSID} = "Toolbar Extension for Executable"
\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 148 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 54 seconds.
---------- (total run time: 531 seconds)
Download Pocket Killbox >>> run it >>> select the options “Delete on Reboot” and “all files” >>> in the “Full path of file” field, paste the paths:
After pasting each path individually, click the x; only once you have pasted the “last” one do you agree to restart the computer.
Open Notepad and paste:
File >>> Save As >>> change the type from .txt to All Files >>> save it as FIX.REG and run it in Safe Mode
Run fixwareout and post the report.
Cole
(Cole_)
6 July 2006 11:54
#5
Here's the fixwareout log:
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\iugogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\atsniwd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tafggrfd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tsiphxp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nmdapxlt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\cvsgolps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\fcqmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\iugogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\sidkkhc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\atsniwd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ko2toob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tafggrfd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tsiphxp
...
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
And from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 13:58:31, on 2006-07-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Tato\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\system32\SoundMan.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2534AA11-16BB-4265-A0AB-4CA35D85FB27}: NameServer = 172.16.1.254,217.96.23.251
O17 - HKLM\System\CS1\Services\Tcpip\..\{2534AA11-16BB-4265-A0AB-4CA35D85FB27}: NameServer = 172.16.1.254,217.96.23.251
O17 - HKLM\System\CS3\Services\Tcpip\..\{2534AA11-16BB-4265-A0AB-4CA35D85FB27}: NameServer = 172.16.1.254,217.96.23.251
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Cole
(Cole_)
6 July 2006 12:13
#7
Only Avast still throws up a message that “the connection timed out” and prints SERVICES.EXE -> . underneath. And this happens every few moments… :roll:
Post a Silent Runners log as well, and provide a screenshot of the Avast message.
Cole
(Cole_)
7 July 2006 14:19
#9
For now I've removed all the antivirus programs except Avast, turned off the system firewall and Avast's firewall, and installed ZoneAlarm. In ZA I blocked the services.exe process from accessing the net and the symptoms stopped. For how long, we'll see. Thanks for everything!