jeszcze jeden problem z adir.dll

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 19:06

Mam problem z adir.dll i podobnie jak w poscie który jest juz na forum, avast wykrywa mi go przy wlaczaniu kompa razem z jakims innym trojanem, ale nie da rady ich usunac bo zawsze jest to samo. A do tego w trayu cały czas jest jakis czerwony X przypominajacy ze mam zainfekowany komputer. Nie wiem czy powinienem zrobic to samo co jest w poprzednim poscie o adir.dll, czy moze inaczej. Prosze o pomoc bo mi net zaczal zamulac razem z kompem. Z gory dzieki

przez **Tom@szek** 04 Gru 2006, 19:09

Wklej log z hijackthis.

Autor postu otrzymał pochwałę

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 19:13

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:21:34, on 2006-12-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\acs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TP-LINK\TWCU\TWCU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ymssmsgs.exe C:\WINDOWS\System32\mssecure.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\svcchost.exe C:\WINDOWS\System32\testtestt.exe C:\WINDOWS\System32\spoolsvv.exe C:\WINDOWS\System32\inet.exe C:\WINDOWS\System32\nordsys.exe C:\WINDOWS\system32\winsrcv.exe C:\WINDOWS\system32\lmdm.exe C:\Program Files\Messenger\msmsgs.exe c:\exe.exe C:\WINDOWS\system32\mnewwinc4.exe C:\WINDOWS\system32\mnewwinc1.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\lssrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Windows\xpupdate.exe C:\WINDOWS\System32\taskdir.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\Documents and Settings\Michał\V317J63.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\se.exe.exe F:\hijackthis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE

przez **Tom@szek** 04 Gru 2006, 19:15

Może tak wstawiłbyś całego log-a.

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 19:23

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:21:34, on 2006-12-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\acs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TP-LINK\TWCU\TWCU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ymssmsgs.exe C:\WINDOWS\System32\mssecure.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\svcchost.exe C:\WINDOWS\System32\testtestt.exe C:\WINDOWS\System32\spoolsvv.exe C:\WINDOWS\System32\inet.exe C:\WINDOWS\System32\nordsys.exe C:\WINDOWS\system32\winsrcv.exe C:\WINDOWS\system32\lmdm.exe C:\Program Files\Messenger\msmsgs.exe c:\exe.exe C:\WINDOWS\system32\mnewwinc4.exe C:\WINDOWS\system32\mnewwinc1.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\lssrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Windows\xpupdate.exe C:\WINDOWS\System32\taskdir.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\Documents and Settings\Michał\V317J63.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\se.exe.exe F:\hijackthis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE

[ Dodano: Dzisiaj o 18:02 ]
czy ten jest dobry?

przez **Tom@szek** 04 Gru 2006, 19:27

Nie - popatrz jak wyglądaja logi innych userów.

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 19:44

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:23:56, on 2006-12-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\acs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TP-LINK\TWCU\TWCU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ymssmsgs.exe C:\WINDOWS\System32\mssecure.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\svcchost.exe C:\WINDOWS\System32\testtestt.exe C:\WINDOWS\System32\spoolsvv.exe C:\WINDOWS\System32\inet.exe C:\WINDOWS\System32\nordsys.exe C:\WINDOWS\system32\winsrcv.exe C:\WINDOWS\system32\lmdm.exe C:\Program Files\Messenger\msmsgs.exe c:\exe.exe C:\WINDOWS\system32\mnewwinc4.exe C:\WINDOWS\system32\mnewwinc1.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\lssrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Windows\xpupdate.exe C:\WINDOWS\System32\taskdir.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [YhooUapdates] C:\WINDOWS\system32\ymssmsgs.exe O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O4 - HKLM\..\Run: [secures23] mssecure.exe O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] "C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe O4 - HKLM\..\Run: [DemonStarter] "C:\Program Files\PWN\Definicje\Bin\Starter.exe" O4 - HKLM\..\Run: [3DNADesktop] "C:\Program Files\3DNA\Resources\3dnasys.exe" -open O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [msvcc25] svcchost.exe O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" /dump:os_startup O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\testtestt.exe O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe O4 - HKLM\..\RunServices: [secures23] mssecure.exe O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe O4 - HKLM\..\RunServices: [SystemTools32] C:\WINDOWS\System32\inet.exe O4 - HKCU\..\Run: [Organizer] "C:\Program Files\Organizer\Organizer.exe" t O4 - HKCU\..\Run: [vssl2] C:\WINDOWS\system32\winsrcv.exe O4 - HKCU\..\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnewwinc4.exe O4 - HKCU\..\Run: [mlrnew1c1] C:\WINDOWS\system32\mnewwinc1.exe O4 - HKCU\..\Run: [chsr] C:\WINDOWS\system32\lssrvc.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe O4 - Startup: Outpost Firewall.lnk = C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O20 - AppInit_DLLs: c:\program files\agnitum\outpost firewall 1.0\wl_hook.dll c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

**Posty:** 18165 · przez **wojtas** 04 Gru 2006, 19:50

usuwasz wszystko z wylaczonym przywracaniem systemu w trybie awaryjnym

c:\exe.exe
O4 - HKLM\..\Run: [YhooUapdates] C:\WINDOWS\system32\ymssmsgs.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\testtestt.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe
O4 - HKLM\..\RunServices: [SystemTools32] C:\WINDOWS\System32\inet.exe
O4 - HKCU\..\Run: [vssl2] C:\WINDOWS\system32\winsrcv.exe
O4 - HKCU\..\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnewwinc4.exe
O4 - HKCU\..\Run: [mlrnew1c1] C:\WINDOWS\system32\mnewwinc1.exe
O4 - HKCU\..\Run: [chsr] C:\WINDOWS\system32\lssrvc.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

najpierw wpisy w hijacku poprzez fix checked potem szukasz pogrubionych i wywalasz do kosza po zabiegu nowy log

przez **Tom@szek** 04 Gru 2006, 19:51

Skan kompa antywirusem on-line http://www.kaspersky.pl/virusscanner.html + www.ewido.com i wracasz z logiem.

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 20:47

cos mi chyba nie wyszlo, bo avast dalej wykrywa te dwa wirusy, i czerwony x w trayu nie zniknal. A skad konkretnie mam usunac te pliki co sa pogrubiona czcionka?

**Posty:** 18165 · przez **wojtas** 04 Gru 2006, 20:49

te pliki co sa pogrubiona czcionka?

poszukaj ich na kompe daj start.wyszukaj>wklejasz kazdego nazwe i kasujesz

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 21:37

wiekszosci plikow nie moze znalesc, a jak juz to jest odmowa dostepu i nie mozna ich usunac, ja juz nie wiem co mam zrobic, ale jeszcze sprobuje skan tym antivirem on-line

**Posty:** 18165 · przez **wojtas** 04 Gru 2006, 21:48

bialy7 napisał(a):jest odmowa dostepu i nie mozna ich usunac

a robisz to z:

wojtas19162 napisał(a):wylaczonym przywracaniem systemu w trybie awaryjnym

Autor postu otrzymał pochwałę

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 22:57

Nareszcie

, a juz myslalem ze nic nie da rady z tym virusem zrobic! Wielkie dzieki za pomoc i za poswiecony czas! A juz myslalem ze czeka mnie format

Jeszcze raz dziekuje i rispekcik dla was

**Posty:** 935 · przez **Aqui** 04 Gru 2006, 22:59

Daj kontrolne logi :wink:

**Posty:** 47 · przez **bialy7** 04 Gru 2006, 23:02

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:01:17, on 2006-12-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\acs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\UAService7.exe C:\Program Files\TP-LINK\TWCU\TWCU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ymssmsgs.exe C:\WINDOWS\System32\mssecure.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\svcchost.exe C:\WINDOWS\system32\winsrcv.exe C:\WINDOWS\system32\lmdm.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\mnewwinc4.exe C:\WINDOWS\system32\mnewwinc1.exe C:\WINDOWS\system32\lssrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [YhooUapdates] C:\WINDOWS\system32\ymssmsgs.exe O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O4 - HKLM\..\Run: [secures23] mssecure.exe O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] "C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe O4 - HKLM\..\Run: [DemonStarter] "C:\Program Files\PWN\Definicje\Bin\Starter.exe" O4 - HKLM\..\Run: [3DNADesktop] "C:\Program Files\3DNA\Resources\3dnasys.exe" -open O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [msvcc25] svcchost.exe O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" /dump:os_startup O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\testtestt.exe O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe O4 - HKLM\..\RunServices: [secures23] mssecure.exe O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe O4 - HKLM\..\RunServices: [SystemTools32] C:\WINDOWS\System32\inet.exe O4 - HKCU\..\Run: [Organizer] "C:\Program Files\Organizer\Organizer.exe" t O4 - HKCU\..\Run: [vssl2] C:\WINDOWS\system32\winsrcv.exe O4 - HKCU\..\Run: [ssvl1] C:\WINDOWS\system32\lmdm.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnewwinc4.exe O4 - HKCU\..\Run: [mlrnew1c1] C:\WINDOWS\system32\mnewwinc1.exe O4 - HKCU\..\Run: [chsr] C:\WINDOWS\system32\lssrvc.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe O4 - Startup: Outpost Firewall.lnk = C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O20 - AppInit_DLLs: c:\program files\agnitum\outpost firewall 1.0\wl_hook.dll c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

[ Dodano: Dzisiaj o 21:41 ]
jest pewnie jeszcze pare wirusow ale jestem w trakcie skanowania

**Posty:** 935 · przez **Aqui** 04 Gru 2006, 23:21

Skoncz skanowanie bo jest poprostu syffffff totalny
Przeskanuj tym co podal Tom@szek i daj nowe logi..

**Posty:** 47 · przez **bialy7** 05 Gru 2006, 18:43

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:35:36, on 2006-12-05 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\acs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\TP-LINK\TWCU\TWCU.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\eMule\eMule.exe C:\WINDOWS\System32\ctfmon.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing) O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] "C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DemonStarter] "C:\Program Files\PWN\Definicje\Bin\Starter.exe" O4 - HKLM\..\Run: [3DNADesktop] "C:\Program Files\3DNA\Resources\3dnasys.exe" -open O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" /dump:os_startup O4 - HKCU\..\Run: [Organizer] "C:\Program Files\Organizer\Organizer.exe" t O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - Startup: Outpost Firewall.lnk = C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O20 - AppInit_DLLs: c:\program files\agnitum\outpost firewall 1.0\wl_hook.dll c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

Wydaje mi sie ze juz jest czysty, ale pewny nie jestem, jak cos jeszcze trzeba usunac to prosze o informacje. Ale przynajmniej mi komp nie zamula juz :lol:

**Posty:** 18165 · przez **wojtas** 05 Gru 2006, 18:48

usuwasz wszystko z wylaczonym przywracaniem systemu w trybie awaryjnym

sciagnij killbox`a:

http://www.wiruskill.pl/forum/viewtopic.php?t=58

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę :

C:\WINDOWS\system32\rpcc.dll

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

potem kasujesz

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

i nowy log

**Posty:** 47 · przez **bialy7** 05 Gru 2006, 19:01

ale wszystko to dokladnie co znaczy?

jeszcze jeden problem z adir.dll

jeszcze jeden problem z adir.dll

Kto jest na forum