Windows security alert - pop-up windows


(Barylkaq) #1

Please review my log, because I have a problem with pop-up Windows security alert windows.

Logfile of HijackThis v1.99.1

Scan saved at 18:48:02, on 2008-02-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Baryla\USTAWI~1\Temp\Rar$EX00.188\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM..\Run: [sBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: bdmanager - {3161590E-4E7C-412F-ACB8-E8FD59CC7985} - C:\WINDOWS\bdmanager.dll

O21 - SSODL: admgcx - {E8BE3212-CB57-4A59-9994-EC02A0D83D57} - C:\WINDOWS\admgcx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


(Enter6000) #2

Read: http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=213350


(Dmirecki) #3

Use SmitFraudFix with option 2, in Safe Mode. Then post what it reports + a log from ComboFix. description


(Leon$) #4

The entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll

O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe

O21 - SSODL: bdmanager - {3161590E-4E7C-412F-ACB8-E8FD59CC7985} - C:\WINDOWS\bdmanager.dll

O21 - SSODL: admgcx - {E8BE3212-CB57-4A59-9994-EC02A0D83D57} - C:\WINDOWS\admgcx.dll

remove with HijackThis >> Fix checked. Download ComboFix but do not run it; open Notepad and paste

File::

C:\WINDOWS\dmdvpnkgn.dll

C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe

C:\WINDOWS\bdmanager.dll

C:\WINDOWS\admgcx.dll

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start

Then post the log from the removal

:slight_smile:


(Barylkaq) #5

OK, I removed those logs from hijack and combofix, scanned the system with antivirus programs, and the windows no longer pop up; to be sure, I am posting a log to check whether it is clean:

ComboFix 08-02-16.2 - Baryla 2008-02-16 19:53:34.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1648 [GMT 1:00]

Running from: C:\Documents and Settings\Baryla\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Baryla\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE

C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe

C:\WINDOWS\admgcx.dll

C:\WINDOWS\bdmanager.dll

C:\WINDOWS\dmdvpnkgn.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\admgcx.dll

C:\WINDOWS\dat.txt

C:\WINDOWS\rs.txt

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com

.

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))

.

2008-02-16 19:14 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-16 19:14 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-16 19:14 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-16 19:14 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-16 19:14 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-16 19:14 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-16 19:14 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-16 19:14 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-02-16 18:22 . 2008-02-16 18:22

2008-02-16 18:08 . 2008-02-16 18:08

2008-02-16 18:08 . 2008-02-16 18:09

2008-02-16 18:07 . 2008-02-16 18:07

2008-02-16 17:46 . 2008-02-16 17:46

2008-02-16 17:32 . 2008-02-16 19:35

2008-02-16 17:31 . 2008-02-16 17:31

2008-02-16 17:21 . 2008-02-16 17:21

2008-02-16 13:03 . 2008-02-16 13:03 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-02-16 12:52 . 2008-02-16 12:52

2008-02-16 12:43 . 2008-02-16 12:43

2008-02-16 12:39 . 2008-02-16 12:39

2008-02-16 12:39 . 2006-09-22 14:06 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

2008-02-16 12:29 . 2008-02-16 05:22 81,920 --a------ C:\WINDOWS\fsxloqf.exe

2008-02-16 12:21 . 2008-02-16 12:34

2008-02-16 12:15 . 2008-02-16 13:14

2008-02-14 17:28 . 2008-02-14 17:28

2008-02-14 17:28 . 2008-02-16 18:16

2008-02-14 17:25 . 2008-02-14 17:25

2008-02-14 17:11 . 2008-02-14 17:11

2008-02-14 17:10 . 2008-02-14 17:10

2008-02-14 17:10 . 2008-02-14 17:10 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 16:39 . 2008-02-14 16:39

2008-02-14 16:31 . 2008-02-14 16:36

2008-02-14 16:31 . 2008-02-14 16:31

2008-02-14 16:26 . 2008-02-14 16:26

2008-02-14 16:15 . 2008-02-14 16:15

2008-02-14 16:14 . 2008-02-14 16:14

2008-02-14 16:07 . 2008-02-14 16:07

2008-02-14 16:01 . 2008-02-14 16:01

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-16 11:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-14 14:49 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-14 14:42 --------- d-----w C:\Program Files\totalcmd

2008-02-14 14:35 --------- d-----w C:\Program Files\Gadu-Gadu

2008-02-14 14:25 --------- d-----w C:\Program Files\MSECache

2008-02-14 14:25 --------- d-----w C:\Program Files\CyberLink

2008-02-14 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Dell

2008-02-14 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

2008-02-14 14:24 --------- d-----w C:\Program Files\Dell

2008-02-14 14:15 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Vostro 1400 .MRK

2008-02-14 14:15 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Vostro 1400 .MRK

2008-02-14 14:14 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-02-14 14:14 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-02-14 14:13 --------- d-----w C:\Program Files\DellTPad

2008-02-14 14:12 --------- d-----w C:\Program Files\Modem Diagnostic Tool

2008-02-14 14:11 --------- d-----w C:\Program Files\Digital Line Detect

2008-02-14 14:11 --------- d-----w C:\Program Files\CONEXANT

2008-02-14 14:10 --------- d-----w C:\Program Files\SigmaTel

2008-02-14 14:06 --------- d-----w C:\Documents and Settings\Baryla\Dane aplikacji\InstallShield

2008-02-14 14:06 --------- d-----w C:\Documents and Settings\Baryla\Dane aplikacji\Dell

2008-02-14 14:01 --------- d-----w C:\Program Files\Broadcom

2008-02-14 13:58 --------- d-----w C:\Program Files\Intel

2008-02-14 13:37 --------- d-----w C:\Program Files\microsoft frontpage

2008-02-14 13:35 --------- d-----w C:\Program Files\Usługi online

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-07 01:08 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-01 13:15 8466432]

"nwiz"="nwiz.exe" [2007-08-01 13:15 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2007-08-01 13:15 67584 C:\WINDOWS\system32\nvhotkey.dll]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-01 13:15 81920]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-09-07 17:49 1236992]

"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]

"SBI"="C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe" []

"avast!"="E:\Programy\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\Baryla\Menu Start\Programy\Autostart\

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-16 12:39:51 534016]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-14 15:11:34 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"admgcx"= {06B9D297-E0D8-449D-A372-5496481763E6} - C:\WINDOWS\admgcx.dll []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-16 19:54:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SBI = C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe? ???"???????????4?b???|??b??%?|????t?p??B??????????????????)??|\?6~???????????????| ?b???????7~??7~@???????????????????t?p???b?x?@?@??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-16 19:54:42

ComboFix-quarantined-files.txt 2008-02-16 18:54:34

ComboFix2.txt 2008-02-16 18:12:54

ComboFix3.txt 2008-02-16 18:08:32

.

2008-02-16 12:14:23 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 19:56:09, on 2008-02-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Programy\Avast4\aswUpdSv.exe

E:\Programy\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

E:\Programy\Avast4\ashMaiSv.exe

E:\Programy\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

E:\Programy\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Baryla\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM..\Run: [sBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe

O4 - HKLM..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O21 - SSODL: admgcx - {06B9D297-E0D8-449D-A372-5496481763E6} - C:\WINDOWS\admgcx.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Programy\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


(Barylkaq) #6

Sorry, I clicked too many times.


(Barylkaq) #7

...


(Leon$) #8

open Notepad and paste

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SBI"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"admgcx"=-

save as plik.reg >> all files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

which you double-click, confirm that you want to add it to the registry, then restart

delete those erroneous posts

:slight_smile:
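An added example, not part of the original posts and not code from HijackThis or ComboFix: a short Python script that reproduces the two manual steps in posts #4 and #8, deriving the CFScript `File::` list from the flagged HijackThis entries and then checking the post-cleanup log for autostart entries that still reference those files. The function names and the extension list in the path pattern are assumptions; the log lines are copied from the thread.

```python
import re

# Entries flagged in post #4 (copied from the thread).
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: SXG Advisor - {D79A1DFF-DF93-4AE0-851C-A1F8CA9C78F5} - C:\WINDOWS\dmdvpnkgn.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe
O21 - SSODL: bdmanager - {3161590E-4E7C-412F-ACB8-E8FD59CC7985} - C:\WINDOWS\bdmanager.dll
O21 - SSODL: admgcx - {E8BE3212-CB57-4A59-9994-EC02A0D83D57} - C:\WINDOWS\admgcx.dll
"""

# Three lines from the HijackThis log taken after the ComboFix run (post #5).
RESCAN = r"""
O4 - HKLM..\Run: [sBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe
O4 - HKLM..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe
O21 - SSODL: admgcx - {06B9D297-E0D8-449D-A372-5496481763E6} - C:\WINDOWS\admgcx.dll (file missing)
"""

# Assumption (not a HijackThis specification): a file reference is a
# drive-letter path ending in one of these extensions.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
ENTRY_RE = re.compile(r"\s*([A-Z]\d{1,2}) - (.*)")


def parse_entry(line):
    """Return (section, path or None, file_missing) for a log line, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    p = PATH_RE.search(rest)
    missing = rest.rstrip().endswith("(file missing)")
    return section, (p.group(0) if p else None), missing


def cfscript_file_block(flagged_lines):
    """Build the CFScript 'File::' block from the flagged entries' file paths."""
    paths = []
    for line in flagged_lines:
        entry = parse_entry(line)
        # R0 (start page) entries carry a URL, not a file, so they are skipped.
        if entry and entry[1] and entry[1] not in paths:
            paths.append(entry[1])
    return "File::\n" + "\n".join(paths)


def leftovers(flagged_lines, rescan_lines):
    """Entries in a later log that still point at a previously flagged file."""
    parsed = (parse_entry(line) for line in flagged_lines)
    bad = {e[1].lower() for e in parsed if e and e[1]}
    found = []
    for line in rescan_lines:
        entry = parse_entry(line)
        if entry and entry[1] and entry[1].lower() in bad:
            found.append(entry)
    return found


if __name__ == "__main__":
    print(cfscript_file_block(FLAGGED.splitlines()))
    for section, path, missing in leftovers(FLAGGED.splitlines(), RESCAN.splitlines()):
        print(section, path, "(file missing)" if missing else "")
```

The two leftover entries it reports (the `SBI` Run value and the `admgcx` ShellServiceObjectDelayLoad value) are the same two registry values that the `.reg` file in post #8 deletes.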


(Barylkaq) #9

OK, I did as you wrote and it's fine now.

PS: I could only delete 1 post.