prosze o sprawdzenie loga

**Posty:** 118 · przez **Pele** 01 Paź 2006, 13:51

mam problem co chwila pojawia mi sie usługa posłaniec z komunikatem
a brzmi on tak: Komunikat od System Alert wysłany

Registry Cleaner Recommended

TO fix system errors please do the following:
1.Download and Install Registry Cleaner from:http://www.msreg.com
2.Run Registry Cleaner
3.Reebot your computer

Failure to scan and repair system errors may result in system malfunction

i to co chwila wyskakuje daje logi do sprawdzenia bo niewiem czy jakiegos smiecia niemam w systemie prosze o pomoc
Kod:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 13:03:17, on 2006-10-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ArcaMicroScanPro\avmon.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\System32\mysvcc.exe C:\WINDOWS\System32\svcchost.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Real\RealOne Player\RealPlay.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sułek\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe O4 - HKLM\..\Run: [msvcc25] svcchost.exe O4 - HKLM\..\Run: [ArcaMicroScanPro] "C:\Program Files\ArcaMicroScanPro\arcamicroscanpro.exe" /startup O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{38DAEFED-BE8F-45F0-96A3-28141429E5EE}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - ArcaBit - C:\Program Files\ArcaMicroScanPro\avmon.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

przez **Tom@szek** 01 Paź 2006, 13:52

Start do trybu awaryjnego po wyłączeniu przywracania systemu.
Usuwasz wpisy w hijackthis a pogrubione pliki ręcznie z dysku.

C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

Log po czynnościach do kontroli.

**Posty:** 118 · przez **Pele** 01 Paź 2006, 15:30

jak sie w hijacku te błędne logi usuwa na kturej funkcji bo pierwszy raz to robie a recznie chce usunąc z dysku te wpisy svcchost.exe mysvcc.exe to niemoze znalezc ich wogulle wyszukiwarka

przez **Tom@szek** 01 Paź 2006, 16:22

Wystarczy poczytać ten topic:

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

Pele napisał(a):jak sie w hijacku te błędne logi usuwa na kturej funkcji bo pierwszy raz to robie

Zaznaczasz V to co podałem wyżej i klikasz Fix Checked.

Pele napisał(a):recznie chce usunąc z dysku te wpisy svcchost.exe mysvcc.exe to niemoze znalezc ich wogulle wyszukiwarka

Mój komputer -> widok -> opcje folderów -> widok -> zaznacz pokaż wszystkie pliki.

**Posty:** 118 · przez **Pele** 01 Paź 2006, 17:55

daje jeszcze raz log do kontroli jak wszystko wporządku czy jeszcze cos niegra?

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:30:57, on 2006-10-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Prevx1\PXAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Prevx1\PXConsole.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Sułek\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{38DAEFED-BE8F-45F0-96A3-28141429E5EE}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

**Posty:** 566 · przez **Bieniol** 01 Paź 2006, 18:07

Czysto

Proponuję zainstalować SP2

Wrzuć jeszcze log z Silent Runners (prawy przycisk myszy --> zapisz element docelowy jako --> włączasz --> klikasz NO --> czekasz, aż się pojawi że log jest skończony

przez **Tom@szek** 01 Paź 2006, 18:11

Używasz IE więc
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Wizyta na www.windowsupdate.com i aktualizacja IE.

Zafix-uj jeszcze ten wpis. Reszta OK.

O4 - Startup: UniSpiker-2.6.lnk = ?

Napisz czy jeszcze pokazuje sie ten problem.

**Posty:** 118 · przez **Pele** 01 Paź 2006, 19:49

jest oki tylko tego syfa niemoge usunąc i wyszukiwarka go wogle sytemowa tez niewidzi C:\WINDOWS\System32\mysvcc.exe i tego posłanca to wyłączyc trzeba chyba
[/quote]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sułek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38DAEFED-BE8F-45F0-96A3-28141429E5EE}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

przez **Tom@szek** 01 Paź 2006, 19:56

Ściągnij killbox-a http://www.bleepingcomputer.com/files/spyware/KillBox.zip i wklej tą ścieżkę

Kod: Zaznacz wszystko: C:\WINDOWS\System32\mysvcc.exe

i usuń ten plik.
Jeśli posłaniec jest włączony - wyłącz go.

**Posty:** 118 · przez **Pele** 01 Paź 2006, 20:08

ok chyba juz ponin usunołem go kilboxem posłanca wyłączyłem jeszcze w razie czego loga daje
[/code]
Logfile of HijackThis v1.99.1
Scan saved at 19:49:28, on 2006-10-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sułek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.3\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38DAEFED-BE8F-45F0-96A3-28141429E5EE}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

**Posty:** 18165 · przez **wojtas** 01 Paź 2006, 21:05

popraw loga a tagi

**Posty:** 118 · przez **Pele** 02 Paź 2006, 11:23

usunołem pliki kilboxem C:\WINDOWS\System32\svcchost.exe i C:\WINDOWS\System32\mysvcc.exe a one przy ponownym podłączeniu do neta sie odnawiają spowrotem co jest grane ?

**Posty:** 8694 · przez **Red** 02 Paź 2006, 11:28

daj logi do kontroli

oprocz hijacka dołącz jeszcze jeden log:

otwierasz link>>> http://www.silentrunners.org/Silent%20Runners.vbs >>zapisujesz jako na pulpicie>>klikasz dwa razy >>masz wybor i wybierasz no>>i czekasz troszke az wygeneruje sie cały log do konca
wrzucasz na forum

**Posty:** 118 · przez **Pele** 02 Paź 2006, 12:06

prubuje zrobic loga z sillent runners to znowu mam takie okienko z błędem: Can't iterate win32 operating sytem
"Silent Runners" cannot use WMI to identify the operating system.
This is caused by corruption of the WMI installation.
WMI is complex and it is recommended that you use a Microsoft
tool, "WMIDiag.vbs,"to diagnose WMI on your system.
Press "OK" to direct your browser to the WMIDiag download site or
"Cancel" to quit.[/quote][/list]

**Posty:** 8694 · przez **Red** 02 Paź 2006, 12:17

to wejdz w ten link i zainstaluj

**Posty:** 118 · przez **Pele** 02 Paź 2006, 12:40

zainstalowałem nie działa:
WMI Diag.1.10 information Error

**Posty:** 8694 · przez **Red** 02 Paź 2006, 12:52

no to log z :
http://download.bleepingcomputer.com/sUBs/combofix.exe

Sciagnij programik ,kliknij dwa razy na niego ,wybierz "Y" i enter.Czekasz na działanie i loga ktory sie wygeneruje,wklejasz go tu na forum do sprawdzenia ...

**Posty:** 118 · przez **Pele** 02 Paź 2006, 13:06

wkurza mnie ze te pliki zawsze musze usuwac po wejciu na net bo sie odradzają spowrotem:C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
teraz są usunięte kil boxem ale jak znowu wejde na net to sie pewnie odrodzą.
daje log
[/code]
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Suek\Pulpit"

((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))

2006-10-01 16:43 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-01 09:27 0 --a------ C:\WINDOWS\system32\directxclick.exe
2006-09-30 15:14 194,133 --a------ C:\WINDOWS\patcher.exe
2006-09-30 14:53 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-30 14:43 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1981.sys
2006-09-30 14:43 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-30 14:06 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-28 12:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-21 13:28 545 --a------ C:\WINDOWS\UC.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\RAR.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\PKZIP.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\LHA.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\ARJ.PIF
2006-09-14 14:43 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-14 14:43 198,656 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-14 14:43 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-14 14:36 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2006-09-14 14:35 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2006-09-14 14:32 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-14 14:32 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 20:14 162,304 --a------ C:\UNWISE.EXE
2006-09-05 19:28 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-05 19:28 45,952 --a------ C:\WINDOWS\system32\drivers\61883.sys
2006-09-05 19:28 35,584 --a------ C:\WINDOWS\system32\drivers\avc.sys
2006-09-03 12:10 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-03 12:10 254,976 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-03 12:10 160,256 --a------ C:\WINDOWS\system32\schedsvc.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-02 12:39 -------- d-------- C:\Program Files\Neostrada TP
2006-10-02 11:32 -------- d-------- C:\Program Files\XnView
2006-10-01 20:53 -------- d---s---- C:\Documents and Settings\Sulek\Dane aplikacji\Microsoft
2006-10-01 16:09 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\SuperAdBlocker.com
2006-10-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-10-01 12:13 -------- d-------- C:\Program Files\eMule
2006-10-01 11:17 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\ArcaBit
2006-10-01 10:39 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-01 09:53 -------- d-------- C:\Program Files\Registry Repair
2006-10-01 09:41 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\GlarySoft
2006-09-30 18:15 -------- d-------- C:\Program Files\Registry Clean Expert
2006-09-30 16:14 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-09-30 14:10 -------- d-------- C:\Program Files\EA SPORTS
2006-09-29 12:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-29 12:37 -------- d-------- C:\Program Files\PowerQuest
2006-09-28 20:14 -------- d-------- C:\Program Files\ivo
2006-09-28 20:12 -------- d-------- C:\Program Files\MarBit
2006-09-28 16:18 -------- d-------- C:\Program Files\DOSBox-0.63
2006-09-27 18:21 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Help
2006-09-25 19:29 299 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\internaldb1942.dat
2006-09-25 19:25 48 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\internaldb41.dat
2006-09-25 19:25 23 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\inifile41.ini
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-20 19:46 -------- d-------- C:\Program Files\WinUAE
2006-09-15 12:42 -------- d-------- C:\Program Files\NASA
2006-09-14 20:43 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Google
2006-09-14 20:42 -------- d-------- C:\Program Files\Google
2006-09-14 14:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-14 14:46 -------- d-------- C:\Program Files\Windows Media Player
2006-09-14 14:43 -------- d-------- C:\Program Files\Messenger
2006-09-13 17:30 361 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\AutoGK.ini
2006-09-13 14:54 -------- d-------- C:\Program Files\Rockstar Games
2006-09-12 13:38 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Media Player Classic
2006-09-09 19:15 -------- d-------- C:\Program Files\MyGlobalSearch
2006-09-08 15:18 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-07 21:00 -------- d-------- C:\Program Files\MAME32k
2006-09-03 14:55 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-03 14:55 -------- d-------- C:\Program Files\Internet Explorer
2006-09-03 14:55 -------- d-------- C:\Program Files\Common Files\System
2006-09-03 14:46 -------- d-------- C:\Program Files\Outlook Express
2006-09-03 14:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-02 22:49 -------- d-------- C:\Program Files\Lavasoft
2006-09-02 22:49 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Lavasoft
2006-09-02 15:33 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Sun
2006-09-02 15:22 -------- d-------- C:\Program Files\Java
2006-09-02 15:17 -------- d-------- C:\Program Files\Common Files\Java
2006-09-01 13:51 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Macromedia
2006-09-01 12:02 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Windows Live Safety Center
2006-09-01 11:01 -------- d-------- C:\Program Files\NetMeeting
2006-09-01 10:49 0 --a------ C:\WINDOWS\system32\eraseme_12133.exe
2006-08-31 17:02 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\XnView
2006-08-30 20:13 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-30 19:27 -------- d-------- C:\Program Files\Pinnacle
2006-08-30 17:35 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-29 21:50 -------- d-------- C:\Program Files\DkZ Studio
2006-08-29 21:46 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-29 21:18 -------- d-------- C:\Program Files\KONAMI
2006-08-29 20:37 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-29 20:36 -------- d-------- C:\Program Files\Common Files\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\aod
2006-08-29 20:31 -------- d-------- C:\Program Files\BitComet
2006-08-29 19:56 -------- d-------- C:\Program Files\WinRAR
2006-08-29 19:23 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Mozilla
2006-08-29 19:21 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-29 19:17 43668 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2006-08-29 19:17 -------- d-------- C:\Program Files\AviSynth 2.5
2006-08-29 19:17 -------- d-------- C:\Program Files\AutoGK
2006-08-29 19:16 -------- d-------- C:\Program Files\Gabest
2006-08-29 19:16 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-29 19:16 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-29 19:15 62 --ahs---- C:\Documents and Settings\Sulek\Dane aplikacji\desktop.ini
2006-08-29 18:59 -------- d-------- C:\Program Files\Gadu-Gadu
2006-08-29 18:50 -------- d-------- C:\Program Files\SAGEM
2006-08-29 18:39 -------- d-------- C:\Program Files\Alwil Software
2006-08-29 18:37 -------- d-------- C:\Program Files\C-Media 3D Audio
2006-08-29 18:31 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Identities
2006-08-29 18:27 0 -rahs---- C:\MSDOS.SYS
2006-08-29 18:27 0 -rahs---- C:\IO.SYS
2006-08-29 18:27 0 --a------ C:\CONFIG.SYS
2006-08-29 18:27 0 --a------ C:\AUTOEXEC.BAT
2006-08-29 18:27 -------- d-------- C:\Program Files\xerox
2006-08-29 18:27 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-29 18:25 -------- d-------- C:\Program Files\Movie Maker
2006-08-29 18:24 -------- d-------- C:\Program Files\Common Files\Services
2006-08-29 18:24 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-29 18:23 -------- d-------- C:\Program Files\Windows NT
2006-08-29 18:23 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-29 18:23 -------- d-------- C:\Program Files\MSN
2006-08-29 18:23 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-18 14:41 1019094 -rahs---- C:\Program Files\serial.zip
2006-07-18 14:41 1019094 -rahs---- C:\Program Files\serial.tde

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job

Completion time: 2006-10-02 12:41:53.63
ComboFix.txt

**Posty:** 8694 · przez **Red** 02 Paź 2006, 13:21

C:\WINDOWS\system32\directxclick.exe

usun jeszcze to hijackiem i sprawdz czy wpisy nie wracają...

**Posty:** 118 · przez **Pele** 02 Paź 2006, 14:09

usunołem kilboxem ten wpis i jeszcze raz loga wrzuce do kontroli

prosze o sprawdzenie loga

prosze o sprawdzenie loga

Kto jest na forum