PaulPL1
(Pawel B1 16)
21 March 2007 18:00
#1
A friend came over with his drive, and right after booting into Windows (with his drive connected) the problems started. The computer became terribly slow. I use Symantec AntiVirus with up-to-date virus definitions (a scan detected nothing).
HijackThis logs:
Please help.
Gutek
(Gutek)
21 March 2007 20:19
#2
Remove the HJT entries.
Use Pocket Killbox. Select the Delete on Reboot and All Files options, and paste these paths into the Full Path of File to Delete field:
C:\WINDOWS\system\services.exe
c:\windows\system\scvhost.exe
and click the red X. The program will ask to restart the computer … so restart it.
Follow this Topic and change the thread title to something specific, otherwise TRASH
Regards, Gutek2222
PaulPL1
(Pawel B1 16)
21 March 2007 21:25
#3
Thanks for the help, and I'm changing the thread title now.
Gutek
(Gutek)
21 March 2007 21:41
#4
PaulPL1
(Pawel B1 16)
22 March 2007 20:06
#5
HijackThis…
SilentRunners…
Unfortunately I couldn't run the *.vbs file (error while executing the program).
And I have one more problem: something is badly cluttering my C:\ partition.
After a moment I have 0k of free space.
I noticed that this space is taken up by this file: C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe
I don't know what this file is, but sometimes the W32.Jeefro virus gets detected (I have bad experiences with it: a format of the whole disk), and it doesn't say which file is infected with it; it can't be deleted or quarantined.
adam9870
(adam9870)
22 March 2007 20:14
#6
Download the KillBox program, select Delete on reboot, and paste these paths into the full path of file field:
C:\WINDOWS\system\services.exe
c:\windows\system\scvhost.exe
After pasting each path separately, click the red X, but agree to the restart only after pasting the last one.
Remove the HJT entries.
After doing that, paste the log from ComboScan.
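Added example, not part of the original thread or written by any of its participants: a Python sketch of one way to triage HijackThis O4 autorun lines for the two patterns the flagged paths show, a core Windows binary name outside its usual folder and a one-edit lookalike of such a name. The `SYSTEM_BINARIES` table, the function names and the constructed `SAMPLE` lines are assumptions made for illustration.

```python
import ntpath
import re

# Assumed reference table (not from the thread): core Windows XP binaries
# and the folder each one normally runs from.
SYS32 = r"c:\windows\system32"
SYSTEM_BINARIES = {
    "svchost.exe": SYS32, "services.exe": SYS32, "lsass.exe": SYS32,
    "winlogon.exe": SYS32, "smss.exe": SYS32, "csrss.exe": SYS32,
    "spoolsv.exe": SYS32, "ctfmon.exe": SYS32, "rundll32.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# O4 registry autorun line: "O4 - HKLM\..\Run: [name] command".
# \S* accepts both the real "\.." and the forum-rendered "…".
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\S*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
QUOTES = "\"\u201c\u201d"  # straight and typographic double quotes


def extract_executable(cmd):
    """Return the program part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd and cmd[0] in QUOTES:
        ends = [i for i in (cmd.find(q, 1) for q in QUOTES) if i != -1]
        return cmd[1:min(ends, default=len(cmd))]
    m = re.search(r"\.(exe|com|scr|pif|bat|cmd)\b", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd


def osa_distance(a, b):
    """Edit distance where an adjacent transposition counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def triage(log_lines):
    """Return (value name, executable, reason) for suspicious O4 Run entries."""
    findings = []
    for line in log_lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry
        exe = extract_executable(m.group("cmd"))
        folder = ntpath.dirname(exe).lower()
        base = ntpath.basename(exe).lower()
        if not folder:
            continue  # bare name resolved via PATH; the log gives no location
        if base in SYSTEM_BINARIES:
            if folder != SYSTEM_BINARIES[base]:
                findings.append((m.group("name"), exe,
                                 "system binary name in unexpected folder"))
            continue
        near = [n for n in SYSTEM_BINARIES if osa_distance(base, n) == 1]
        if near:
            findings.append((m.group("name"), exe, "lookalike of " + near[0]))
    return findings


# Constructed sample in HijackThis O4 format; it includes the two paths
# named in the replies above.
SAMPLE = [
    r"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE",
    r"O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”",
    r"O4 - HKLM…\Run: [services] C:\WINDOWS\system\services.exe",
    r"O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU…\Run: [scvhost] c:\windows\system\scvhost.exe",
    r"O4 - Startup: Xfire.lnk = D:\Programy\Xfire\xfire.exe",
]

if __name__ == "__main__":
    for name, exe, reason in triage(SAMPLE):
        print(f"[{name}] {exe}: {reason}")
```

A hit is only a lead for manual review; the heuristic says nothing about entries whose names and folders look ordinary.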
PaulPL1
(Pawel B1 16)
28 March 2007 16:31
#7
Sorry for the delay, but I somehow didn't have much time.
Here are the logs:
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRVI1 – End of ComboScan: finished at 2007-03-28 at 18:30:42 ------------------------
The earlier symptoms are gone, so I guess everything is OK now.
adam9870
(adam9870)
28 March 2007 18:25
#8
Download the KillBox program, select Delete on reboot, and paste this path into the full path of file field:
C:\WINDOWS\GPInstall.exe
Click the red X and restart the computer.