Trojans that I can't remove and that block Google


(Serek X) #1

I already posted one thread like this, but in a different, wrong section. Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 19:29:18, on 2008-09-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

D:\downloads\KillBox.exe

C:\WINDOWS\explorer.exe

D:\downloads\HijackThis.exe


O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\lgrweqjf.dll",s

O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\oyukuqto.dll",b

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

I regularly try to delete the files associated with BME.. using Killbox, but it does no good... The whole thing regularly comes back, and the error appears under different .dll file names. Spybot finds everything, but despite removal, after a day or so everything goes back to "normal" again. I would be very grateful for any advice.


(Spandau) #2

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download Combofix but don't run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that its icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. After that, post the log on the forum.

Manually delete the C:\Qoobox folder, and delete the Combofix installer from the disk.


(Serek X) #3

It removed a lot

the program's log:

ComboFix 08-09-05.03 - Sergiusz 2008-09-07 20:04:06.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.576 [GMT 2:00]

Running from: D:\downloads\ComboFix.exe

Command switches used :: D:\downloads\CFScript.txt

 * Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\Documents and Settings\Rodzina\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk

C:\Documents and Settings\Rodzina\Menu Start\Antivirus 2009

C:\Documents and Settings\Rodzina\Menu Start\Antivirus 2009\Antivirus 2009.lnk

C:\Documents and Settings\Rodzina\Menu Start\Antivirus 2009\Uninstall Antivirus 2009.lnk

C:\Documents and Settings\Rodzina\Pulpit\Antivirus 2009.lnk

C:\Program Files\Antivirus 2009

C:\Program Files\Antivirus 2009\av2009.exe.tmp

C:\WINDOWS\pskt.ini


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_CMDSERVICE

-------\Legacy_NETWORK_MONITOR



((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.


2008-08-27 18:03 . 2004-08-04 00:44	10,752	---------	C:\WINDOWS\system32\smtpapi.dll

2008-08-27 18:03 . 2004-08-04 00:44	9,728	---------	C:\WINDOWS\system32\rwnh.dll

2008-08-27 18:02 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\000001_.tmp

2008-08-21 12:26 . 2008-09-06 12:58	902	--a------	C:\WINDOWS\wininit.ini

2008-08-20 23:36 . 2008-08-21 14:07	54,156	--ah-----	C:\WINDOWS\QTFont.qfn

2008-08-20 23:36 . 2008-08-20 23:36	1,409	--a------	C:\WINDOWS\QTFont.for

2008-08-16 10:40 . 2008-08-27 10:48	




here is the Hijack log, which is nevertheless still infested:

Logfile of HijackThis v1.99.1

Scan saved at 20:23:59, on 2008-09-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

D:\downloads\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\gxpvyfbv.dll",b

O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\cpqiuxqq.dll",s

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


(Arekmalek) #4

FIX the entries in Hijack

Paste into Notepad

Save as -> CFScript.txt

Drag it onto the Combo icon and post the log


(Serek X) #5

Here is the log:

ComboFix 08-09-05.09 - Sergiusz 2008-09-08 13:10:04.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.623 [GMT 2:00]

Running from: D:\downloads\ComboFix.exe

Command switches used :: D:\downloads\CFScript.txt

 * Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\000001_.tmp

C:\WINDOWS\BMe75175e7.txt

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\drivers\oreans32.sys

C:\WINDOWS\system32\geBroOGw.dll

C:\WINDOWS\system32\rlibsrmr.ini

C:\WINDOWS\system32\rmrsbilr.dll

C:\WINDOWS\system32\wGOorBeg.ini

C:\WINDOWS\system32\wGOorBeg.ini2


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_OREANS32

-------\Service_oreans32



((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))

.


2008-09-07 21:02 . 2008-09-07 21:02	0	--a------	C:\WINDOWS\BMe75175e7.xml

2008-08-27 18:03 . 2004-08-04 00:44	10,752	---------	C:\WINDOWS\system32\smtpapi.dll

2008-08-27 18:03 . 2004-08-04 00:44	9,728	---------	C:\WINDOWS\system32\rwnh.dll

2008-08-21 12:26 . 2008-09-06 12:58	902	--a------	C:\WINDOWS\wininit.ini

2008-08-20 23:36 . 2008-08-21 14:07	54,156	--ah-----	C:\WINDOWS\QTFont.qfn

2008-08-20 23:36 . 2008-08-20 23:36	1,409	--a------	C:\WINDOWS\QTFont.for

2008-08-16 10:40 . 2008-08-27 10:48	




And also Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 13:23:32, on 2008-09-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

D:\downloads\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\gxpvyfbv.dll",b

O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\cpqiuxqq.dll",s

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


(Kambor4) #6

Paste into Notepad:

File::

C:\WINDOWS\BMe75175e7.xml

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file

Removal should start (and a log will be created). Post the log that is created during removal.

If it goes well, then: after the restart, manually delete the C:\Qoobox folder.

================================

K.


(Serek X) #7
ComboFix 08-09-05.09 - Sergiusz 2008-09-08 14:11:48.4 - NTFSx86

(Kambor4) #8

Clean.

Manually delete the C:\Qoobox folder,

Delete the ComboFix installer from the disk.

Optimize the autostart entries

Clean the computer with CCleaner

Turn System Restore off and back on for all drives. Instructions

Scan your computer with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

or

Dr.WEB CureIt!.

==========================

K.


(Spandau) #9

You made the HJT log after Combofix, and it's still there

Therefore

Turn off System Restore on all drives. Instructions

Download Combofix but don't run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that its icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. After that, post the log on the forum.

Manually delete the C:\Qoobox folder, and delete the Combofix installer from the disk.


(Leon$) #10

you made a mistake

HijackThis Scan saved at 19:29:18 , on 2008-09-07

Combofix 2008-09-08 14:11:48.4

:slight_smile:


(Spandau) #11

No, Leon$, I mean the third HJT log and the second Combofix log, not the third


(Leon$) #12

HijackThis 13:23:32, on 2008-09-08

here Combofix was also run after HJ, and you can see in the log that it removed those entries

:slight_smile:


(Spandau) #13

Yes, sorry, my mistake, it should be OK. Thanks for pointing it out.

:slight_smile:


(Serek X) #14

The entries were removed and the effect was immediately noticeable: the computer finally shuts down, because it turns out that the system error "STOP c000021a" (viewtopic.php?f=13&t=251232&start=0&st=0&sk=t&sd=a) was caused by exactly these errors. One thing that still interests me is that Hijack still shows me these errors even though physically they aren't there. What's more, they are in autostart too, and they can't be removed even through the registry:

Logfile of HijackThis v1.99.1

Scan saved at 15:41:55, on 2008-09-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\downloads\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\gxpvyfbv.dll",b

O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\cpqiuxqq.dll",s

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

In any case, thank you all for the help, because the situation already seemed desperate to me: Google went down and the system was showing critical errors...
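Added example, not part of the thread and not any poster's code: a small triage script for the O4 (Run key) lines of HijackThis logs, run here over lines copied from the first and last logs above. It shows the two things the posts describe: the same Run value pointing at a different DLL in a later log, and a Run value whose DLL is no longer on disk. The flagging rules and all function names are assumptions modelled on the two entries this thread removes, not a general detection rule.

```python
import ntpath
import os
import re
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple

# O4 lines copied from two HijackThis logs in this thread:
# the first one (19:29:18, 2008-09-07) and the last one (15:41:55, 2008-09-08).
LOG_FIRST = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\lgrweqjf.dll",s
O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\oyukuqto.dll",b
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
'''
LOG_LAST = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e462467b] rundll32.exe "C:\WINDOWS\system32\gxpvyfbv.dll",b
O4 - HKLM\..\Run: [BMe75175e7] Rundll32.exe "C:\WINDOWS\system32\cpqiuxqq.dll",s
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
'''


class RunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name (the part in square brackets)
    command: str  # command line stored in the value


O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,\s*(\S+)',
                       re.IGNORECASE)


def parse_o4(log_text: str) -> List[RunEntry]:
    """Return every registry autostart (O4) line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def rundll_target(command: str) -> Optional[Tuple[str, str]]:
    """For a rundll32 command line return (dll path, export name), else None."""
    m = RUNDLL_RE.match(command)
    return (m.group(1), m.group(2)) if m else None


def reasons(entry: RunEntry) -> List[str]:
    """Illustrative rules (assumptions) derived from this thread's entries."""
    target = rundll_target(entry.command)
    if target is None:
        return []
    dll, export = target
    found = []
    if ntpath.dirname(dll).lower() == r"c:\windows\system32" and len(export) == 1:
        found.append("rundll32 loads a system32 DLL through a one-letter export")
    if re.fullmatch(r"(?:BM)?[0-9a-f]{8}", entry.name):
        found.append("value name is a bare hex identifier")
    return found


def rotated(before: List[RunEntry], after: List[RunEntry]) -> Dict[str, Tuple[str, str]]:
    """Run values that kept their name but point at a different DLL later on."""
    old = {(e.hive, e.key, e.name): rundll_target(e.command) for e in before}
    changes = {}
    for e in after:
        prev, cur = old.get((e.hive, e.key, e.name)), rundll_target(e.command)
        if prev and cur and prev[0].lower() != cur[0].lower():
            changes[e.name] = (ntpath.basename(prev[0]), ntpath.basename(cur[0]))
    return changes


def orphaned(entries: List[RunEntry],
             exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Run values whose rundll32 target is missing on disk (the case in post #14).

    `exists` defaults to a real file check, which is only meaningful when the
    script runs on the machine the log came from.
    """
    return [e.name for e in entries
            if (t := rundll_target(e.command)) and not exists(t[0])]


if __name__ == "__main__":
    first, last = parse_o4(LOG_FIRST), parse_o4(LOG_LAST)
    for e in first:
        for why in reasons(e):
            print(f"[{e.name}] {why}")
    for name, (old_dll, new_dll) in rotated(first, last).items():
        print(f"[{name}] target changed: {old_dll} -> {new_dll}")
    # Constructed stand-in for a disk where only the NVIDIA DLL is present.
    on_disk = lambda p: ntpath.basename(p).lower() == "nvcpl.dll"
    print("orphaned Run values:", orphaned(last, exists=on_disk))
```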


(Leon$) #15

download HijackThis v2.o2 instead of HijackThis v1.99.1 and make a log with it

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html

scan and post the log

:slight_smile:


(Serek X) #16
2008-09-08,16:09:50


System Repair Engineer 2.6.12.1018

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<; "C:\Program Files\Gadu-Gadu\gg.exe" /tray> [(Verified)Gadu-Gadu sp. z o.o.]
<; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
<; C:\Program Files\Picasa2\PicasaMediaDetector.exe> [(Verified)Google Inc.]
<; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
<; C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<; C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto> [(Verified)Microsoft Windows Publisher]
<; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<; "C:\Program Files\BearShare\BearShare.exe" /pause> [Free Peers, Inc.]
<; C:\Program Files\Razer\DeathAdder\razerhid.exe> []
<; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<; "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"> [(Verified)Nero AG]
<; C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe> [(Verified)Nero AG]
<; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; nwiz.exe /install> []
<; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
<; C:\WINDOWS\system32\\PSDrvCheck.exe> []
<; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<; C:\Program Files\GameDeviceDriver\RFPIcon.exe> [Ruling Tec Pte Ltd]
<; RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<; "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"> [Pinnacle Systems GmbH]
<; > [N/A]
  [File is missing]
  [File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]
  [(Verified)Microsoft Windows Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [Microsoft Corporation]


==================================

Startup Folders

N/A


==================================

Services

[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe">

[avast! Antivirus / avast! Antivirus][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe">

[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service>

[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service>

[DVD-RAM_Service / DVD-RAM_Service][Stopped/Disabled]


[Google Updater Service / gusvc][Stopped/Disabled]

  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">

[MSSQL$PINNACLESYS / MSSQL$PINNACLESYS][Stopped/Disabled]

  <"C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS>

[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]

  <"C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe">

[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]


[NMIndexingService / NMIndexingService][Stopped/Manual Start]

  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe">

[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]


[Pinnacle Systems Media Service / PinnacleSys.MediaServer][Stopped/Disabled]


[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Disabled]


[ServiceLayer / ServiceLayer][Stopped/Manual Start]

  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe">

[SQLAgent$PINNACLESYS / SQLAgent$PINNACLESYS][Stopped/Disabled]

  <"C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS>

[StarWind iSCSI Service / StarWindService][Stopped/Disabled]


[UltiDev Cassini Web Server for ASP.NET 2.0 / UltiDev Cassini Web Server for ASP.NET 2.0][Stopped/Disabled]

  <"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe">


==================================

Drivers

[a347bus / a347bus][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\a347bus.sys><>

[a347scsi / a347scsi][Running/Boot Start]

  <\SystemRoot\System32\Drivers\a347scsi.sys><>

[ASAPIW2K / ASAPIW2K][Running/Manual Start]


[AsIO / AsIO][Running/System Start]


[aswFsBlk / aswFsBlk][Running/Auto Start]


[atksgt / atksgt][Running/Auto Start]


[catchme / catchme][Running/Manual Start]

  <\??\C:\ComboFix\catchme.sys>

[Port gier dla karty Creative SB Live! / ctljystk][Stopped/Manual Start]


[DeathAdder Mouse / DAdderFltr][Running/Manual Start]


[Dynamic Calibration Service / DynCal][Running/Manual Start]


[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]


[Sterownik Creative Interface Manager (WDM) / emu10k1][Stopped/Manual Start]


[ENTECH / ENTECH][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys>

[giveio / giveio][Running/Boot Start]

  <\SystemRoot\system32\giveio.sys>

[Hamachi Network Interface / hamachi][Running/Manual Start]


[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]


[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]


[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]


[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]


[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]


[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\iteatapi.sys>

[lirsgt / lirsgt][Running/Auto Start]


[Pinnacle Marvin Bus / MarvinBus][Running/Manual Start]


[meiudf / meiudf][Running/System Start]


[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<>

[RCA USB Digital Cable Modem Driver / netrcacm][Running/Manual Start]


[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]


[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]


[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]


[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]


[nv / nv][Running/Manual Start]


[Creative OS Services Driver / ossrv][Stopped/Manual Start]


[PCLEPCI / PCLEPCI][Running/System Start]

  <\??\C:\WINDOWS\system32\drivers\pclepci.sys>

[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys>

[RivaTuner32 / RivaTuner32][Stopped/Manual Start]

  <\??\C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner32.sys>

[Secdrv / Secdrv][Running/Auto Start]


[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]

  <\SystemRoot\System32\drivers\sfdrv01.sys>

[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]

  <\SystemRoot\System32\drivers\sfhlp02.sys>

[Sterownik Creative SoundFont Manager (WDM) / sfman][Stopped/Manual Start]


[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]

  <\SystemRoot\System32\drivers\sfsync02.sys>

[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]

  <\SystemRoot\System32\drivers\sfvfs02.sys>

[Sterownik filtru USB Sony (SONYPVU1) / SONYPVU1][Stopped/Manual Start]


[speedfan / speedfan][Running/Boot Start]

  <\SystemRoot\system32\speedfan.sys>

[sptd / sptd][Running/Boot Start]

  <\SystemRoot\System32\Drivers\sptd.sys>

[M-Systems DiskOnChip 2000 / tffsport][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\tffsport.sys>

[VClone / VClone][Stopped/Boot Start]

  <\SystemRoot\system32\DRIVERS\VClone.sys>

[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]



==================================

Browser Add-ons

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Spybot-S&D IE Protection]

  {53707962-6F74-2D53-2644-206D7942484F} 

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Spybot-S&D IE Protection]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} 

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[]

  {00000161-0000-0010-8000-00AA00389B71} <, >

[]

  {33564D57-0000-0010-8000-00AA00389B71} <, >

[Java Plug-in]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[Java Plug-in]

  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} 

[Java Plug-in 1.5.0_06]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {00E875CD-539D-4E48-B17B-DA05F50D17EF} <, >

[]

  {0377E90A-273A-48C4-AC5C-4DE4A2DF9822} <, >

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Web Browser Applet Control]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 

[]

  {090E4669-7039-4794-8361-C1BB86A85FF5} <, >

[]

  {09465374-FB4D-4AC6-9146-9FB11D5E4840} <, >

[]

  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, >

[]

  {12E9DEC4-535B-4B9F-A812-6FC318117482} <, >

[]

  {1445CD81-5029-4CE8-9C76-8654C1C290A2} <, >

[]

  {1607EC24-5463-4A47-AD96-B4350AF606A6} <, >

[]

  {1C14AD3B-2AB7-4AAE-8E5E-BD919EB84E59} <, >

[]

  {1E6F2FB1-C566-4A2A-B9F9-07B4E20D7E18} <, >

[]

  {253D0B09-2C3A-46CC-82C3-D35A3AAA1801} <, >

[]

  {33526566-230C-43C1-93C4-5878BC0232E0} <, >

[]

  {36D1E3CA-0A3E-4944-A46C-58B0253DF7BE} <, >

[]

  {38B01DAB-F627-499F-8921-5B93C57FE237} <, >

[]

  {41BE874F-07B1-4AE9-B97C-2FDD3AFC9B0A} <, >

[]

  {48B8251E-B048-4826-9298-5E5A8E30B75B} <, >

[]

  {4E3A3542-735B-4045-8F90-B9DBA48809D5} <, >

[]

  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <, >

[Spybot-S&D IE Protection]

  {53707962-6F74-2D53-2644-206D7942484F} 

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>

[]

  {559F6870-6073-4C1F-82FD-031CC1FFB4B6} <, >

[]

  {67BE6F28-E1BD-4944-812F-60E5A56C58AC} <, >

[]

  {69DEA2FC-1468-4F1A-A2D4-E8FF7C667C43} <, >

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} 

[]

  {6C235114-E74F-4C1E-80CB-99D9B1859E3E} <, >

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>

[]

  {7496E801-657D-4892-8623-E29C681D3CB5} <, >

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[]

  {7893D715-0888-4D00-9107-992A7ACA0457} <, >

[]

  {79C1D9FD-E942-47DE-8616-50CB32AA96A4} <, >

[]

  {85564A02-B4D2-41E6-B76E-1085A724220E} <, >

[]

  {86A3DF2E-F99F-480A-B0A1-BA3DF47E5394} <, >

[]

  {8E9F0F8C-A503-4C7F-81FF-BBAB3E1BF5EC} <, >

[]

  {9DE032BE-A923-4B10-A4D2-C961D93A06FC} <, >

[]

  {A89442A0-2AAB-48C2-B7D8-88713B8AA3F2} <, >

[SearchAssistantOC]

  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>

[]

  {B462A544-7E7F-46A9-9E71-5275268C17A6} <, >

[]

  {BC48F2CB-8D60-420D-ABC8-384C12E57D43} <, >

[]

  {BE0CAA79-5126-499F-B514-E58171083C87} <, >

[]

  {CBB48863-A2EB-4BF1-B394-471C671CD904} <, >

[]

  {CD96BC8A-7F34-49A4-93A8-E913A6B4B098} <, >

[RealPlayer G2 Control]

  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[]

  {D947236F-171A-44DB-BED7-7E3A45CE74DD} <, >

[]

  {DBADC52B-D58A-4A48-BC96-18DE8E612C37} <, >

[]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >

[]

  {E3A40EA9-F01E-4C4D-B3BC-CFC628A239F8} <, >

[]

  {E63EE621-3A9A-4573-8BC2-D9F68CD86EE6} <, >

[]

  {E7ACC421-936E-49BB-8619-6F3D14B535EA} <, >

[]

  {FB52AFE4-10EC-4AE5-B365-7C2E9C16D0B8} <, >

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >


==================================

Running Processes



==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

127.0.0.1 localhost


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2436, C:\PROGRAM FILES\RAZER\DEATHADDER\RAZERHID.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2652, C:\PROGRAM FILES\RAZER\DEATHADDER\RAZERTRA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2680, C:\PROGRAM FILES\RAZER\DEATHADDER\RAZEROFA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1800, C:\PROGRAM FILES\WINAMP\WINAMP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2904, C:\DOCUME~1\SERGIUSZ\USTAWI~1\TEMP\RAR$EX00.406\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================

(Gutek) #17

Run System Repair Engineer, System Repair tab >> Browser Add-ons >> find and remove

{00000161-0000-0010-8000-00AA00389B71}

{33564D57-0000-0010-8000-00AA00389B71}

{00E875CD-539D-4E48-B17B-DA05F50D17EF} 

{0377E90A-273A-48C4-AC5C-4DE4A2DF9822}

{090E4669-7039-4794-8361-C1BB86A85FF5} 

{09465374-FB4D-4AC6-9146-9FB11D5E4840} 

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} 

{12E9DEC4-535B-4B9F-A812-6FC318117482} 

{1445CD81-5029-4CE8-9C76-8654C1C290A2} 

{1607EC24-5463-4A47-AD96-B4350AF606A6} 

{1C14AD3B-2AB7-4AAE-8E5E-BD919EB84E59}

{1E6F2FB1-C566-4A2A-B9F9-07B4E20D7E18} 

{253D0B09-2C3A-46CC-82C3-D35A3AAA1801} 

{33526566-230C-43C1-93C4-5878BC0232E0} 

{36D1E3CA-0A3E-4944-A46C-58B0253DF7BE} 

{38B01DAB-F627-499F-8921-5B93C57FE237} 

{41BE874F-07B1-4AE9-B97C-2FDD3AFC9B0A} 

{48B8251E-B048-4826-9298-5E5A8E30B75B} 

{4E3A3542-735B-4045-8F90-B9DBA48809D5} 

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

{559F6870-6073-4C1F-82FD-031CC1FFB4B6} 

{67BE6F28-E1BD-4944-812F-60E5A56C58AC}

{69DEA2FC-1468-4F1A-A2D4-E8FF7C667C43}

{6C235114-E74F-4C1E-80CB-99D9B1859E3E}

{7496E801-657D-4892-8623-E29C681D3CB5}

{7893D715-0888-4D00-9107-992A7ACA0457} 

{79C1D9FD-E942-47DE-8616-50CB32AA96A4} 

{85564A02-B4D2-41E6-B76E-1085A724220E} 

{86A3DF2E-F99F-480A-B0A1-BA3DF47E5394} 

{8E9F0F8C-A503-4C7F-81FF-BBAB3E1BF5EC} 

{9DE032BE-A923-4B10-A4D2-C961D93A06FC}

{A89442A0-2AAB-48C2-B7D8-88713B8AA3F2}

{B462A544-7E7F-46A9-9E71-5275268C17A6} 

{BC48F2CB-8D60-420D-ABC8-384C12E57D43} 

{BE0CAA79-5126-499F-B514-E58171083C87} 

{CBB48863-A2EB-4BF1-B394-471C671CD904}

{CD96BC8A-7F34-49A4-93A8-E913A6B4B098}

{D947236F-171A-44DB-BED7-7E3A45CE74DD} 

{DBADC52B-D58A-4A48-BC96-18DE8E612C37} 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} 

{E3A40EA9-F01E-4C4D-B3BC-CFC628A239F8} 

{E63EE621-3A9A-4573-8BC2-D9F68CD86EE6}

{E7ACC421-936E-49BB-8619-6F3D14B535EA} 

{FB52AFE4-10EC-4AE5-B365-7C2E9C16D0B8} 

{FB5F1910-F110-11D2-BB9E-00C04F795683}

Post a ComboFix log

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052
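Added example, not part of the original posts: the CLSIDs listed in reply #17 are exactly the Browser Add-ons entries that the SREng log prints with an empty name and an empty `<, >` file/signature field. The sketch below pulls such entries out of a pasted log and shows when the same CLSID also appears under a named add-on. The function names are hypothetical, the section layout is assumed from the log above, and the sample is constructed from a few of its lines. It only lists entries and changes nothing on the system.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "Browser Add-ons" section above.
SAMPLE = r"""
Browser Add-ons

[Spybot-S&D IE Protection]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683}

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>

[]

  {00E875CD-539D-4E48-B17B-DA05F50D17EF} <, >

[]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

==================================
"""

NAME_RE = re.compile(r"^\[(?P<name>.*)\]$")
CLSID_RE = re.compile(
    r"^\s*(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*(?:<(?P<detail>.*)>)?\s*$"
)

def parse_addons(text):
    """Return one dict per add-on: name, clsid, file, signer (may be empty)."""
    entries, in_section, pending_name = [], False, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Browser Add-ons":
            in_section = True
        elif not in_section or not stripped:
            continue
        elif stripped.startswith("====="):   # separator ends the section
            break
        elif NAME_RE.match(stripped):
            pending_name = NAME_RE.match(stripped).group("name").strip()
        else:
            m = CLSID_RE.match(line)
            if m and pending_name is not None:
                # "<file, signature>"; absent or "<, >" yields empty strings
                file_, _, signer = (m.group("detail") or "").partition(",")
                entries.append({"name": pending_name, "clsid": m.group("clsid"),
                                "file": file_.strip(), "signer": signer.strip()})
                pending_name = None
    return entries

def find_orphans(entries):
    """CLSIDs with a nameless, fileless entry, plus names they also appear under."""
    by_clsid = defaultdict(list)
    for e in entries:
        by_clsid[e["clsid"].upper()].append(e)   # the log mixes hex case
    result = []
    for clsid, group in by_clsid.items():
        if any(not e["name"] and not e["file"] for e in group):
            result.append((clsid, sorted({e["name"] for e in group if e["name"]})))
    return result

if __name__ == "__main__":
    for clsid, names in find_orphans(parse_addons(SAMPLE)):
        note = "also listed as: " + ", ".join(names) if names else "no named entry"
        print(clsid, "-", note)
```

A CLSID that is reported both as a blank entry and under a named add-on (here Spybot-S&D IE Protection and Messenger) is worth checking against the named entry before anything is removed.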


(Serek X) #18

http://wklejto.pl/9790 here is the ComboFix log; however, despite that procedure, HijackThis still shows those things :/


(Leon$) #19

Open Notepad and paste

save as plik.reg >> all files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

which you double-click, confirm that you want to add it to the registry, then restart

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

optimize startup

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; open the page in IE

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 ... It!+4.44.5

:slight_smile:

:slight_smile:


(Serek X) #20

http://wklejto.pl/9968 here is the HijackThis log; which entries can I safely remove?