Nienawidze tych badziewi :( !!! HELP.....!
Cała przygoda z moim kompem znowu zatoczyła koło, wiec jestem tutaj z wami i prosze o pomoc moze sie to kiedys skonczy hapy endem ale nawet sobie nie daje nadziei bo one zawsze wracaja (Virusy:). OPIS PROBLEMU: Weszlem na stronke mi nieznana w celu znalezienia seriala do gry, i w tym momencie zaczeły sie kłopociki teraz sa juz kłopoty nie wiem co bedzie za jakis chwile wiec czas działa na moja niekorzysc:>. Wiec robal zaczaił na pulpicie w postaci ikonki na pasu z dopiskiem infekt ( small eng:) no i zanipokojony wlaczyłem wszytskie programuy, nie na raz lecz w kolejnosci ad–awere, poczym avasta skan, na koniec przelecialem SSD, no i wykrylo to i owo jednak pousunieciu wcale nie chcialy sie ze mna pozegnac te paskudztwa. Koncowy epizod jest taki ze ikona (infekt) dała sobie luz a strona startowa zmieniala sie nie do przerobienia przezemnie jeszcze kilka pomniejszych problemow ale poki co zamieszczam log bo po analizie calego fora na ten temat wiem ze to jedyne wyjscie.
Bardzo Prosze o pomoc ziomki i przyjaciele walczymy w tej samej druzynie czy nie??:D POzdrwiam !!
Logfile of HijackThis v1.99.1
Scan saved at 15:27:15, on 2006–01–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\SOUNDMAN.EXE
C:\windows\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\windows\System32\paytime.exe
C:\windows\smss.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\windows\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\Rar$EX12.7907\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: – {1E6CE4CD–161B–4847–B8BF–E2EF72299D69} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 – HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://creative.com/su/ocx/15015/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136640661060
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136983488077
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {E55FD215–A32E–43FE–A777–A7E8F165F551} (Flatcast Viewer 4.15) – http://data.flatcast.com/NpFv415.dll
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://creative.com/su/ocx/15016/CTPID.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 – Winlogon Notify: msctl32.dll – C:\windows\
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\System32\lxcccoms.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\windows\System32\nvsvc32.exeBardzo Prosze o pomoc ziomki i przyjaciele walczymy w tej samej druzynie czy nie??:D POzdrwiam !!
Odpowiedzi: 7
A nie pomyślałeś, źeby zaktualizowac swojego XPka. Firewalle i antywiry to nie wszystko, a ty nawet nie masz service pack 1, nie wspominająć o 2 która wyszła jakies 2 lata temu. Moźe warto o tym pomyśleć. pozdro
OSTATECZNA WERSJA MOJEGO LOGA:
Logfile of HijackThis v1.99.1
Scan saved at 22:59:03, on 2006–01–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcccoms.exe
E:\Champion\fm.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\~e5.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\Rar$EX00.343\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://creative.com/su/ocx/15015/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136640661060
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136983488077
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {E55FD215–A32E–43FE–A777–A7E8F165F551} (Flatcast Viewer 4.15) – http://data.flatcast.com/NpFv415.dll
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://creative.com/su/ocx/15016/CTPID.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\System32\lxcccoms.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\windows\System32\nvsvc32.exe
Nie wiem czy tak mozna jeden post pod drugim jak cos z góry przepraszam :) "Jeśli nie wyświadczyłeś nikomu nic za darmo, przyszłośc twoja widze marno..." yol :wink:
Logfile of HijackThis v1.99.1
Scan saved at 22:59:03, on 2006–01–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcccoms.exe
E:\Champion\fm.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\~e5.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\Rar$EX00.343\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://creative.com/su/ocx/15015/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136640661060
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136983488077
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {E55FD215–A32E–43FE–A777–A7E8F165F551} (Flatcast Viewer 4.15) – http://data.flatcast.com/NpFv415.dll
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://creative.com/su/ocx/15016/CTPID.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\System32\lxcccoms.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\windows\System32\nvsvc32.exe
Nie wiem czy tak mozna jeden post pod drugim jak cos z góry przepraszam :) "Jeśli nie wyświadczyłeś nikomu nic za darmo, przyszłośc twoja widze marno..." yol :wink:
Kto by pomyslal ze mi sie uda :lol: nic z tych rzeczy to była głównie wasza zasługa za co bardzo dziekuje, postaram sie juz nie przysparzac kłopotow :oops: a tak od siebie dla innych amatorów nabywania nieporzadanych szkodników, moj program antyvirusowy AVAST to totalna porazka w ostatnim czasy nabawilem sie virow ktore w zaden sposob nie byly zabezpieczone przez tego "anty–virusa", a mialem jeszcze taki z nim problem choc to subiektywna ocena ze podczas instalacji Avasta z automatu nabawialem sie virusa dll przez co format był powtarzany 5 razy, nie wiem czy to była wyłacznie wina Avasta czy tez moja zasŁUa. Ogolnie nie polecam tego programu, choc teraz mam dylemat co w takim razie zabezpieczy mnie (???) przed całym złem naszego "najleprzego" przyjaciela internetu :wink: JESZCZE RAZ BARDZO DZIEKUJE ZA POMOC !!! PS nigdy wam tego nie zapomne, pewnie jeszcze nie raz sie spotkamy obym nastepnym razem to ja był Wam pomocny 8) POZDRAWIAM
Jeszcze
Natomist:
Rownieź do ubicia, systemowy smss siedzi w system32.
O4 – HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
O20 – Winlogon Notify: msctl32.dll – C:\windows\
Natomist:
O4 – HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
Rownieź do ubicia, systemowy smss siedzi w system32.
sprawdz to
usun to
C:\windows\smss.exe
usun to
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 – HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
Po zastosowaniu wskazowek co do usuniecia robali o nazwie podanej przez gierasa nastapila poprawa ale niestety tylko w tym wzgledzie ze teraz nie wykrywa wirusow ad–avare i to jedyna poprawa... :cry:
Logfile of HijackThis v1.99.1
Scan saved at 20:16:32, on 2006–01–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\windows\System32\paytime.exe
C:\windows\smss.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\Rar$EX00.641\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
O4 – HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://creative.com/su/ocx/15015/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136640661060
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136983488077
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {E55FD215–A32E–43FE–A777–A7E8F165F551} (Flatcast Viewer 4.15) – http://data.flatcast.com/NpFv415.dll
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://creative.com/su/ocx/15016/CTPID.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 – Winlogon Notify: msctl32.dll – C:\windows\
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\System32\lxcccoms.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\windows\System32\nvsvc32.exe
moze cos jeszcze da sie z tym zrobic ?? Bede wdzieczny za pomoc :)
Logfile of HijackThis v1.99.1
Scan saved at 20:16:32, on 2006–01–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\windows\System32\paytime.exe
C:\windows\smss.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Boss\USTAWI~1\Temp\Rar$EX00.641\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [PayTime] C:\windows\System32\paytime.exe
O4 – HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://creative.com/su/ocx/15015/CTSUEng.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136640661060
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136983488077
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {E55FD215–A32E–43FE–A777–A7E8F165F551} (Flatcast Viewer 4.15) – http://data.flatcast.com/NpFv415.dll
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://creative.com/su/ocx/15016/CTPID.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 – Winlogon Notify: msctl32.dll – C:\windows\
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\System32\lxcccoms.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\windows\System32\nvsvc32.exe
moze cos jeszcze da sie z tym zrobic ?? Bede wdzieczny za pomoc :)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 – BHO: – {1E6CE4CD–161B–4847–B8BF–E2EF72299D69} – (no file)
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 – HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 – HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
Strona 1 / 1