by akropol7, 10 Apr 2007, 13:33
Code:
ComboScan v20070306.20 run by Adam on 2007-04-10 at 13:22:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Adam.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:22:29, on 2007-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Adam\Pulpit\comboscan.exe
C:\DOCUME~1\Adam\Pulpit\Adam.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Steam] "D:\gry\steam\Steam.exe" -silent
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{722C9F16-1E74-489F-A982-90F2E97DEDB9}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- Files created between 2007-03-10 and 2007-04-10 -----------------------------
2007-04-09 10:12:06 0 d-------- C:\games
2007-04-08 22:35:37 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-04-08 10:46:00 0 d-------- C:\fixwareout<FIXWAR~1>
2007-04-07 13:13:23 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-04-07 13:13:22 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-04-07 13:13:21 0 d-------- C:\Program Files\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-04-07 09:50:15 0 d-------- C:\Program Files\Lavasoft
2007-04-07 09:49:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-06 08:23:56 0 d-------- C:\WINDOWS\pss
2007-04-05 09:43:51 36864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll<EGAMEE~1.DLL>
2007-03-30 12:47:51 1233920 -ra------ C:\WINDOWS\system32\msxml4.dll
2007-03-30 12:47:47 329072 -ra------ C:\WINDOWS\system32\drivers\windrvr6.sys
2007-03-30 12:47:46 110592 -ra------ C:\WINDOWS\system32\wd_utils.dll
2007-03-30 12:47:46 82432 -ra------ C:\WINDOWS\system32\msxml4r.dll
2007-03-30 12:47:46 44544 -ra------ C:\WINDOWS\system32\msxml4a.dll
2007-03-30 12:47:46 2129920 --a------ C:\WINDOWS\system32\BCGCBPRO731.dll<BCGCBP~1.DLL>
2007-03-30 12:47:43 290904 -ra------ C:\WINDOWS\system32\vc6-re200l.dll<VC6-RE~1.DLL>
2007-03-30 12:47:43 69632 -ra------ C:\WINDOWS\system32\RWUXThemeS.dll<RWUXTH~1.DLL>
2007-03-30 12:47:43 89088 -ra------ C:\WINDOWS\system32\atl71.dll
2007-03-24 22:24:55 0 d-------- C:\Program Files\Tibia
2007-03-18 23:11:00 0 d-------- C:\Program Files\Common Files\Skype
2007-03-15 12:49:34 180224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-15 12:48:58 180224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-15 12:48:34 0 d-------- C:\NVIDIA
2007-03-13 10:19:25 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-03-10 19:00:16 0 d-------- C:\Program Files\iPod
2007-03-10 18:59:39 0 d-------- C:\Program Files\iTunes
2007-03-10 18:57:38 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-10 13:20:31 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\Free Download Manager<FREEDO~1>
2007-04-10 11:16:20 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-09 16:06:21 0 d-------- C:\Program Files\eMule
2007-04-08 10:57:20 0 d-------- C:\Program Files\MegauploadToolbar<MEGAUP~1>
2007-04-07 13:47:11 0 d-------- C:\Program Files\Easy Macro Recorder<EASYMA~1>
2007-04-07 09:50:22 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\Lavasoft
2007-04-06 22:04:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-25 07:49:38 356508 --a----c- C:\WINDOWS\system32\perfh015.dat
2007-03-25 07:49:38 50048 --a----c- C:\WINDOWS\system32\perfc015.dat
2007-03-20 09:18:49 13706 --a----c- C:\WINDOWS\mozver.dat
2007-03-18 23:11:01 0 d-------- C:\Program Files\Skype
2007-03-13 10:19:45 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\Thunderbird<THUNDE~1>
2007-03-11 15:51:37 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\GanymedeNet<GANYME~1>
2007-03-10 18:58:50 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-05 21:16:29 46080 --a------ C:\WINDOWS\tbuninst2.exe<TBUNIN~1.EXE>
2007-03-03 17:04:31 0 d-------- C:\Program Files\GanymedeNet<GANYME~1>
2007-02-28 00:46:25 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\MEGAUPLOADTOOLBAR<MEGAUP~1>
2007-02-26 16:14:54 0 d-------- C:\Program Files\Ares
2007-02-25 12:50:18 0 d-------- C:\Program Files\Common
2007-02-25 12:50:12 0 d-------- C:\Program Files\GinBoards<GINBOA~1>
2007-02-25 12:46:40 0 d-------- C:\Program Files\GinMarbles<GINMAR~1>
2007-02-25 12:46:16 0 d-------- C:\Program Files\Temp
2007-02-25 12:46:16 0 d-------- C:\Program Files\Adv
2007-02-24 20:19:56 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\Skype
2007-02-23 01:31:35 0 d-------- C:\Program Files\Tropico
2007-02-23 01:30:36 0 d-------- C:\Program Files\ChessGenius Classic<CHESSG~1>
2007-02-22 14:34:58 0 d-------- C:\Program Files\Edgard Multimedia<EDGARD~1>
2007-02-20 17:29:02 0 d-------- C:\Program Files\Edgard
2007-02-11 13:19:06 0 d-------- C:\Program Files\Mplayer
2007-02-10 20:12:09 0 d-------- C:\Documents and Settings\Adam\Dane aplikacji\Dev-Cpp
2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Steam"="\"D:\\gry\\steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="C:\\WINDOWS\\system32\\rmctrl.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://i.gryonline.wp.pl/g_b/pl/billard_9.jpg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-04-10 at 13:23:12 ------------------------
[ Added: Today at 13:35 ] oops, it got pasted in one more time ;/
so how do I fix this error with explorer? :>