potrzebna pomoc w wirusach

**Posty:** 12 · przez **martini99** 10 Lis 2007, 23:37

Witam mam problem z avastem wykrywa mi 4 wirusy
C:\DOCUME~1\M@rcin\USTAWI~1\Temp\ac8zt2\main_uninstaller.exe
C:\DOCUME~1\M@rcin\USTAWI~1\Temp\ac8zt2\msmdev.dll
C:\DOCUME~1\M@rcin\USTAWI~1\Temp\ac8zt2\nsduo.dll
C:\DOCUME~1\M@rcin\USTAWI~1\Temp\ac8zt2\rmv.exe

mysle że kłopot tkwi w logach tylko ja sie na tym nieznam więc prosze was o pomoc

przez **jeff** 10 Lis 2007, 23:38

wejdz w tryb awaryjny i opróżnij folder temp

**Posty:** 12 · przez **martini99** 10 Lis 2007, 23:55

niestety problem wciąż jest co mam dalej robić

**Posty:** 7838 · przez **Lukesh** 11 Lis 2007, 00:16

Zmien nazwe tematu na taka, ktora bedzie zgodna z regulaminem =>> http://forum.programosy.pl/rules.php

A jak juz to zrobisz:

:arrow:

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html
:arrow:

na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 12 · przez **martini99** 11 Lis 2007, 00:50

niestety nie potrafie zmienić tematu...a oto log z ComboFix

Kod: Zaznacz wszystko: ComboFix 07-11-08.1 - M@rcin 2007-11-10 23:32:50.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.54 [GMT 1:00] Running from: C:\Documents and Settings\M@rcin\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\msmhost.dll . ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))) . 2007-11-10 20:35 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-10 19:00 <DIR> d-------- C:\Program Files\Power Video Converter 2007-11-10 19:00 <DIR> d-------- C:\movies 2007-11-10 18:48 <DIR> d-------- C:\WINDOWS\system32\windows media 2007-11-10 18:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp 2007-11-10 18:48 <DIR> d-------- C:\Program Files\Windows Media Components 2007-11-10 18:30 294,912 --a------ C:\WINDOWS\ipwyptfg.dll 2007-11-10 18:30 274,432 --a------ C:\WINDOWS\neobus.dll 2007-11-10 18:30 188,416 --a------ C:\WINDOWS\bonrep.dll 2007-11-10 18:30 112,128 --a------ C:\WINDOWS\qdertu.exe 2007-11-10 18:29 <DIR> d-------- C:\Program Files\RichVideoCodec 2007-11-10 18:20 <DIR> d-------- C:\VideoOutput 2007-11-10 18:17 <DIR> d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter 2007-11-10 13:49 <DIR> d-------- C:\Program Files\OpenVideoConverter 2007-11-10 13:32 <DIR> d-------- C:\Program Files\NO1 Video Converter 2007-11-10 12:51 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe 2007-11-10 12:51 19,456 --a------ C:\WINDOWS\system32\asapi.dll 2007-11-10 12:51 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys 2007-11-10 12:50 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll 2007-11-10 12:50 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll 2007-11-10 12:37 <DIR> d-------- C:\Program Files\Pinnacle 2007-11-10 12:37 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys 2007-11-10 12:26 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-11-10 12:02 <DIR> d-------- C:\Documents and Settings\M@rcin\Dane aplikacji\GetRightToGo 2007-11-09 23:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Pinnacle 2007-11-09 18:42 <DIR> d-------- C:\Program Files\eMule 2007-11-09 17:55 <DIR> d-------- C:\Program Files\Common Files\DirectX 2007-11-02 21:27 297,472 --a------ C:\WINDOWS\uninst.exe 2007-11-02 21:02 <DIR> d-------- C:\Program Files\Kalendarz XP 2007-10-31 19:19 <DIR> d-------- C:\Program Files\Electronic Arts 2007-10-31 19:08 292,864 --a--c--- C:\WINDOWS\system32\dllcache\ddraw.dll 2007-10-31 19:08 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-10-31 19:04 2,828 --a------ C:\WINDOWS\system32\sdbackup.reg 2007-10-30 19:37 <DIR> d-------- C:\Program Files\7-Zip 2007-10-28 16:54 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-10-27 11:27 <DIR> d-------- C:\Program Files\Fifa Master 2007-10-26 20:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ConeXware 2007-10-26 19:40 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2007-10-22 14:36 <DIR> d-------- C:\Documents and Settings\M@rcin\Dane aplikacji\Winamp 2007-10-22 14:34 <DIR> d-------- C:\Program Files\Winamp Toolbar 2007-10-22 14:34 <DIR> d-------- C:\Program Files\Winamp Remote 2007-10-22 14:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar 2007-10-22 14:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OrbNetworks 2007-10-21 20:17 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP 2007-10-21 20:16 <DIR> d-------- C:\Fraps 2007-10-17 07:51 94,208 --a------ C:\WINDOWS\system32\vbpng1.dll 2007-10-17 07:51 53,248 --a------ C:\WINDOWS\system32\zlib.dll 2007-10-15 12:17 <DIR> d-------- C:\Documents and Settings\M@rcin\Dane aplikacji\InternetCalls 2007-10-15 06:10 <DIR> d-------- C:\Program Files\Skype 2007-10-15 06:10 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-10-12 17:20 <DIR> d-------- C:\Program Files\Opera 2007-10-10 16:34 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-10 22:35 233,472 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2007-11-10 22:35 233,472 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2007-11-10 22:35 233,472 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT 2007-11-10 22:35 233,472 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT 2007-11-10 21:48 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\Skype 2007-11-10 20:33 --------- d-s---w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2007-11-10 12:27 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-09 14:50 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-06 17:47 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack 2007-11-06 16:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-02 19:58 --------- d-----w C:\Program Files\SopCast 2007-10-31 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-28 12:57 --------- d-----w C:\Program Files\Steam 2007-10-22 13:36 --------- d-----w C:\Program Files\Winamp 2007-10-15 05:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype 2007-10-10 15:57 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\MSN6 2007-10-06 07:44 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\Microsoft Games 2007-10-06 07:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Games 2007-10-05 10:28 --------- d-----w C:\Program Files\BitComet 2007-10-02 15:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-02 15:51 --------- d--h--r C:\Documents and Settings\M@rcin\Dane aplikacji\SecuROM 2007-10-01 17:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\MSN6 2007-10-01 14:06 20,480 ----a-w C:\WINDOWS\system32\H@tKeysH@@k.DLL 2007-09-26 15:16 --------- d-----w C:\Program Files\Tlumacz Komputerowy - Niemiecki 2007-09-25 12:51 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\OTVREG 2007-09-25 12:50 --------- d-----w C:\Program Files\concept design 2007-09-25 12:39 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\concept design 2007-09-25 12:32 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\WebCompiler3 2007-09-23 13:10 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\Ahead 2007-09-19 10:45 --------- d-----w C:\Documents and Settings\M@rcin\Dane aplikacji\Leadertech 2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll 2007-09-09 15:09 167,936 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-08-24 16:32 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-08-23 18:43 98,304 ----a-w C:\WINDOWS\system32\qttask.exe 2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB 2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab 2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab 2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab 2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab 2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab 2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe 2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll 2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-10_20.39.27.07 ))))))))))))))))))))))))))))))))))))))))) . - 2007-10-28 07:26:02 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-11-10 19:40:08 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-10-28 07:26:02 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-11-10 19:40:08 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-10-28 07:26:02 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-11-10 19:40:08 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-10-28 07:26:02 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-11-10 19:40:08 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-11-10 22:35:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C33240D-D292-4E3C-BB5C-3EC6541B0480}] 2007-11-10 16:25 294912 --a------ C:\WINDOWS\ipwyptfg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] "{17943327-95B1-4F8B-9534-8F82C2497211}"= C:\WINDOWS\bonrep.dll [2007-11-10 16:25 188416] [HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\CLSID\{17943327-95B1-4F8B-9534-8F82C2497211}] [HKEY_CLASSES_ROOT\bonrep.ToolBar.1] [HKEY_CLASSES_ROOT\TypeLib\{BDE718BD-CC74-4BE6-B637-42D382FA475F}] [HKEY_CLASSES_ROOT\bonrep.ToolBar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-23 19:43] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 C:\WINDOWS\system32\HdAShCut.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-10 14:49] "nwiz"="nwiz.exe" [2005-10-10 14:49 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-10 14:49] "TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 15:12] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [] "BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 16:04] "WinampAgent"="D:\Winamp\winampa.exe" [2007-10-10 06:28] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 15:21] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoD"="C:\Program Files\GoD\GoD.exe" [] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 10:28] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08] "InternetCalls"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" [] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 01:18] "Zegarynka"="C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe" [2005-02-25 23:02] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06] Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-11-02 21:02:01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "kbdctrl"= {BC882F1F-0E14-4B42-A3F6-FCB0B4EBC392} - C:\WINDOWS\kbdctrl.dll [ ] "neobus"= {432AD1F1-B0CF-453D-8D93-02EE5CA4EEBA} - C:\WINDOWS\neobus.dll [2007-11-10 16:25 274432] . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 23:36:23 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-10 23:38:00 - machine was rebooted C:\ComboFix2.txt ... 2007-11-10 20:40 . --- E O F ---

**Posty:** 7838 · przez **Lukesh** 11 Lis 2007, 00:58

niestety nie potrafie zmienić tematu

nazwe tematu zmienisz klikajac na:

przy swoim pierwszym poscie.

Edytuj rowniez poprzedni post obejmujac log z combofix'a tagami [Code] lub [Quote] tak, jak jest to opisane tutaj: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 12 · przez **martini99** 11 Lis 2007, 01:52

Scan hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:49:55, on 2007-11-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MSVPS System - {3C33240D-D292-4E3C-BB5C-3EC6541B0480} - C:\WINDOWS\ipwyptfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: The bonrep - {17943327-95B1-4F8B-9534-8F82C2497211} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Zegarynka] C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: kbdctrl - {BC882F1F-0E14-4B42-A3F6-FCB0B4EBC392} - C:\WINDOWS\kbdctrl.dll (file missing)
O21 - SSODL: neobus - {432AD1F1-B0CF-453D-8D93-02EE5CA4EEBA} - C:\WINDOWS\neobus.dll
O21 - SSODL: msmhost - {16E43E6F-ECD3-4848-B5B6-1F979D0B86D5} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {9BE57026-9674-499B-A9A3-D5004332C600} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

**Posty:** 1290 · przez **Xfire** 11 Lis 2007, 03:11

martini99 przy swoim poście daj EDYTUJ po czym zaznacz CAŁEGO loga i naciśnij przycisk Quote lub Code (przyciski znajdują się po prawej stronie od tekstu).

**Posty:** 12 · przez **martini99** 11 Lis 2007, 09:26

martini99 napisał(a):Scan hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:49:55, on 2007-11-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MSVPS System - {3C33240D-D292-4E3C-BB5C-3EC6541B0480} - C:\WINDOWS\ipwyptfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: The bonrep - {17943327-95B1-4F8B-9534-8F82C2497211} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Zegarynka] C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: kbdctrl - {BC882F1F-0E14-4B42-A3F6-FCB0B4EBC392} - C:\WINDOWS\kbdctrl.dll (file missing)
O21 - SSODL: neobus - {432AD1F1-B0CF-453D-8D93-02EE5CA4EEBA} - C:\WINDOWS\neobus.dll
O21 - SSODL: msmhost - {16E43E6F-ECD3-4848-B5B6-1F979D0B86D5} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {9BE57026-9674-499B-A9A3-D5004332C600} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[ Dodano: Dzisiaj o 8:27 ]

martini99 napisał(a):
martini99 napisał(a):Scan hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:49:55, on 2007-11-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: MSVPS System - {3C33240D-D292-4E3C-BB5C-3EC6541B0480} - C:\WINDOWS\ipwyptfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: The bonrep - {17943327-95B1-4F8B-9534-8F82C2497211} - C:\WINDOWS\bonrep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Zegarynka] C:\Documents and Settings\M@rcin\Pulpit\Zegarynka.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: kbdctrl - {BC882F1F-0E14-4B42-A3F6-FCB0B4EBC392} - C:\WINDOWS\kbdctrl.dll (file missing)
O21 - SSODL: neobus - {432AD1F1-B0CF-453D-8D93-02EE5CA4EEBA} - C:\WINDOWS\neobus.dll
O21 - SSODL: msmhost - {16E43E6F-ECD3-4848-B5B6-1F979D0B86D5} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {9BE57026-9674-499B-A9A3-D5004332C600} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[ Dodano: Dzisiaj o 8:33 ]
powiedźcie co mam teraz co mam zrobic ciągle wyskakują mi te wirusy a do tego wyskoczyło mi na pulpicie z napisem Your Privancy is in danger....już kiedyś mialem ten problem i sformatowałem kompa ale tym razem niemoge bo mam bardzo ważne i potrzebne pliki i programy a pozatym gdzy sformatuje kompa nie bede mial neta...który tez jest niezbedny.

**Posty:** 18165 · przez **wojtas** 11 Lis 2007, 10:13

zastosuj:

smitfraudfix z opcji 2

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

**Posty:** 12 · przez **martini99** 11 Lis 2007, 10:14

Kod: Zaznacz wszystko: --------------------------------------------------------- AVG Anti-Spyware - report o výsledku scanování --------------------------------------------------------- + Vytvořen v: 09:12:00 2007-11-11 + Výsledek scanování: C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT120.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT126.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT1AF.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT20.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT209.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT84.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BITD4.tmp/ac8zt2/msmdev.dll -> Downloader.Agent.dag : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT120.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT126.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT126.tmp/ac8zt2/rmv.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT13E.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT172.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT19F.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT1AF.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT1AF.tmp/ac8zt2/rmv.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT1C5.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT20.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT20.tmp/ac8zt2/rmv.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT209.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT84.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BIT84.tmp/ac8zt2/rmv.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BITD4.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\M@rcin\Ustawienia lokalne\Temp\BITD4.tmp/ac8zt2/rmv.exe -> Downloader.Zlob.cpx : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@2o7[2].txt -> TrackingCookie.2o7 : Vyčištěno. :mozilla.35:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Adbrite : Vyčištěno. :mozilla.36:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Adbrite : Vyčištěno. :mozilla.37:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Adbrite : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@adbrite[2].txt -> TrackingCookie.Adbrite : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Vyčištěno. :mozilla.18:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Adtech : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@atdmt[2].txt -> TrackingCookie.Atdmt : Vyčištěno. :mozilla.136:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Connextra : Vyčištěno. :mozilla.137:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Connextra : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Vyčištěno. :mozilla.15:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.16:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.17:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.7:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.8:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.9:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Fastclick : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@fastclick[2].txt -> TrackingCookie.Fastclick : Vyčištěno. :mozilla.86:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Hitslink : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@ivwbox[1].txt -> TrackingCookie.Ivwbox : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@stat.onestat[2].txt -> TrackingCookie.Onestat : Vyčištěno. :mozilla.38:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Real : Vyčištěno. :mozilla.39:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Real : Vyčištěno. :mozilla.40:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Real : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@real[2].txt -> TrackingCookie.Real : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@realguide.real[2].txt -> TrackingCookie.Real : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@show.real[2].txt -> TrackingCookie.Real : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@skype[1].txt -> TrackingCookie.Skype : Vyčištěno. :mozilla.44:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Statcounter : Vyčištěno. :mozilla.45:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Statcounter : Vyčištěno. :mozilla.6:C:\Documents and Settings\M@rcin\Dane aplikacji\Mozilla\Firefox\Profiles\rt97h0aj.default\cookies.txt -> TrackingCookie.Statcounter : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@statcounter[2].txt -> TrackingCookie.Statcounter : Vyčištěno. :mozilla.24:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Tradedoubler : Vyčištěno. :mozilla.25:C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\69lfk074.default\cookies.txt -> TrackingCookie.Tradedoubler : Vyčištěno. C:\Documents and Settings\M@rcin\Cookies\m@rcin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Vyčištěno. C:\Documents and Settings\Marcin\Cookies\marcin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Vyčištěno. ::Konec reportu

[ Dodano: Dzisiaj o 9:40 ]
log z SDFixa

SDFix: Version 1.114

Run by M@rcin on 2007-11-11 at 09:32

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\RichVideoCodec\install.ico - Deleted
C:\Program Files\RichVideoCodec\RichVideoCodec.ocx - Deleted
C:\Program Files\RichVideoCodec\Uninstall.exe - Deleted
C:\WINDOWS\IPWYPTFG.DLL - Deleted

Folder C:\Program Files\RichVideoCodec - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 09:35:19
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,16,92,2b,04,49,39,ce,1b,72,49,2c,28,b9,49,f6,85,f3,..
"hj34z0"=hex:59,15,ce,48,dd,14,3a,5c,bd,04,e1,f1,62,58,f6,29,a2,47,71,6b,9d,..
"hj34z1"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z2"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z3"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z4"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,16,92,2b,04,26,9e,57,d0,72,49,2c,28,bb,49,f6,85,f3,..
"hj34z0"=hex:5b,15,ce,48,dd,14,3a,5c,bd,04,e1,f1,62,58,f6,29,a2,47,71,6b,ef,..
"hj34z1"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z2"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z3"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
"hj34z4"=hex:c6,15,ce,48,a5,14,3a,5c,bc,04,e0,f1,63,58,f6,29,a2,47,71,6b,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c1,6b,2e,01,0c,05,07,1b,0c,ba,03,c5,bc,d1,7f,c5,17,8a,8c,29,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c1,6b,2e,01,0c,05,07,1b,0c,ba,03,c5,bc,d1,7f,c5,17,8a,8c,29,29,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 17 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 29 Jun 2007 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Fri 29 Jun 2007 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sun 26 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 19 Aug 2007 3,858,985 A..H. --- "C:\Documents and Settings\Sylwusia\Pulpit\eMule0.48a-Installer.exe"

Finished!

Kod: Zaznacz wszystko

[ Dodano: Dzisiaj o 9:54 ]
http://up.wklej.org/download.php?id=c57168a952f5d46724cf35dfc3d48a7f

[ Dodano: Dzisiaj o 9:54 ]
http://up.wklej.org/download.php?id=c57168a952f5d46724cf35dfc3d48a7f

**Posty:** 18165 · przez **wojtas** 11 Lis 2007, 19:19

sciagnij ATF_Cleaner
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

skasuj te wpisy w hijacku + pogrubiony wywal do kosza:

O2 - BHO: MSVPS System - {3C33240D-D292-4E3C-BB5C-3EC6541B0480} - C:\WINDOWS\ipwyptfg.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: The bonrep - {17943327-95B1-4F8B-9534-8F82C2497211} - C:\WINDOWS\bonrep.dll (file missing)
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause

**Posty:** 12 · przez **martini99** 11 Lis 2007, 21:44

Już dalem rade temu dziadostwu...A mam zrobić to co mi wskazałeś???

**Posty:** 18165 · przez **wojtas** 11 Lis 2007, 21:46

tak wykonaj to

**Posty:** 12 · przez **martini99** 11 Lis 2007, 22:47

A więc tak chcialem podziekować za waszą pomoc...choć niewiem jak usunąć do kosza w Hijackthis...tamte pliki usunołem

**Posty:** 18165 · przez **wojtas** 11 Lis 2007, 22:49

Uruchamiasz HijackThis => klikasz Do a system scan only => pokaże się lista wpisów => stawiasz ptaszek przy wpisach, które wymieniłem => klikasz Fix checked i potwierdzasz usunięcie. nie chodzi tu zeby wpisy usunac do kosza

**Posty:** 12 · przez **martini99** 11 Lis 2007, 23:04

ok tak własnie zrobiłem wtedy tylko niewiedzialem co bearemflix..Jeszcze raz WIELKIE dzieki ....super forum jak ci dac pozytywa???

potrzebna pomoc w wirusach

Potrzebna pomoc w wirusach

co dalej???

oto log z ComboFix

Scan zrobiony i to skan hijacthis

Re: Scan zrobiony i to skan hijacthis

a to scan z AVG Anti-Spyware

Już wszystko chodzi znakomicie....

Dziękuje za fachową pomoc....

ok

Kto jest na forum