system nie może znaleść copy.exe

[mopserdak]

Witam. Mam problem z dyskiem nie moge na niego wejść bo wyskakuje że windows nie może znaleść copy.exe. Na dysk można wejść ale tylko przez total commandera. Problem zaczął sie po tym jak zaczął szaleć mi antyvir po tym dysku ostatnio jeszcze znalazło kilka innych wormów.

[Okocza]

daj loga z hijackthis i sillentrunners.

jak zaczął Ci szaleć po dysku w jakim sensie

[Lukesh]

To wina wirusa.

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
Zrob skan on-line www.ewido.com
Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html
na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[mopserdak]

Błąd z copy.exe został usunięty przez combofixa ale prosze jeszcze prewencyjnie o sprawdzenie

log z combofixa

Kod: Zaznacz wszystko

ComboFix 07-11-01.1 - MOPSERDAK 2007-11-02 16:12:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.524 [GMT 1:00]
Running from: D:\Folder Tymczasowy\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
G:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


(((((((((((((((((((((((((   Files Created from 2007-10-02 to 2007-11-02  )))))))))))))))))))))))))))))))
.

2007-11-02 16:14   <DIR>   d--------   C:\WINDOWS\system32\xircom
2007-11-02 16:14   <DIR>   d--------   C:\Program Files\microsoft frontpage
2007-11-02 16:12   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-01 19:20   <DIR>   d--------   C:\Program Files\Nero
2007-11-01 19:20   2,605,056   --a------   C:\WINDOWS\system32\BCGCBPRO800u.dll
2007-11-01 19:20   2,600,960   --a------   C:\WINDOWS\system32\BCGCBPRO800.dll
2007-11-01 19:20   1,568,768   --a------   C:\WINDOWS\system32\imagX7.dll
2007-11-01 19:20   476,320   --a------   C:\WINDOWS\system32\imagXpr7.dll
2007-11-01 19:20   471,040   --a------   C:\WINDOWS\system32\imagXRA7.dll
2007-11-01 19:20   364,544   --a------   C:\WINDOWS\system32\TwnLib4.dll
2007-11-01 19:20   262,144   --a------   C:\WINDOWS\system32\imagXR7.dll
2007-11-01 19:20   32,768   --a------   C:\WINDOWS\system32\BCGPOleAcc.dll
2007-10-31 00:04   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2007-10-28 17:00   416,256   --a------   C:\WINDOWS\system\glide3x.dll
2007-10-28 16:22   360,576   --a--c---   C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-10-26 10:20   68,224   -ra------   C:\WINDOWS\system32\drivers\nvraid.sys
2007-10-26 10:20   18,432   --a------   C:\WINDOWS\system32\nvraidco.dll
2007-10-25 19:53   <DIR>   d--------   C:\Program Files\Marvell
2007-10-25 14:17   <DIR>   d--------   C:\Program Files\AC Tool
2007-10-24 18:28   683,472   -ra------   C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-10-24 18:28   281,552   --a------   C:\WINDOWS\system32\cfosspeed.dll
2007-10-23 10:44   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Amju Super Cool Pool
2007-10-22 10:08   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-10-22 10:02   <DIR>   d--------   C:\Program Files\directx
2007-10-18 16:15   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Talkback
2007-10-18 15:45   0   --a------   C:\WINDOWS\nsreg.dat
2007-10-17 16:59   <DIR>   d--------   C:\Program Files\IZArc
2007-10-16 17:08   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\teamspeak2
2007-10-16 13:53   <DIR>   d--------   C:\Program Files\Teamspeak2_RC2
2007-10-16 09:03   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\TwoWorldsCP
2007-10-15 22:24   <DIR>   d--------   C:\WINDOWS\help
2007-10-15 17:13   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2007-10-15 17:13   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2007-10-14 16:55   <DIR>   d--------   C:\Program Files\GameSpy Arcade
2007-10-10 18:08   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
2007-10-10 18:08   69,632   --a------   C:\WINDOWS\system32\xmltok.dll
2007-10-10 18:08   36,864   --a------   C:\WINDOWS\system32\xmlparse.dll
2007-10-10 18:08   26,096   --a------   C:\WINDOWS\system32\xmlinst.exe
2007-10-10 11:37   <DIR>   d--------   C:\Program Files\uTorrent
2007-10-09 20:00   <DIR>   d--------   C:\Program Files\Konnekt
2007-10-08 18:30   <DIR>   d--------   C:\Program Files\Lavasoft
2007-10-08 18:27   <DIR>   d--------   C:\Program Files\Alwil Software
2007-10-08 18:27   801,144   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-10-08 18:27   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-10-08 18:27   94,416   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-08 18:27   92,848   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-08 18:27   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-08 18:27   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-08 18:27   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-08 17:20   <DIR>   d--------   C:\Program Files\Copy Handler
2007-10-05 21:09   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-10-05 20:37   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Bioshock
2007-10-04 15:46   593,920   ---------   C:\WINDOWS\system32\ati2sgag.exe
2007-10-04 13:45   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-10-04 13:45   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-10-04 13:45   1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-04 13:45   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-04 13:45   443,752   --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-10-04 13:45   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-10-04 13:45   266,088   --a------   C:\WINDOWS\system32\xactengine2_8.dll
2007-10-04 13:45   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-10-04 13:45   18,280   --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-04 13:44   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-10-03 22:18   <DIR>   d--------   C:\Program Files\A4Tech
2007-10-03 22:18   36,864   --a------   C:\WINDOWS\system32\Amhooker.dll
2007-10-03 22:18   10,240   --a------   C:\WINDOWS\system32\drivers\Amusbprt.sys
2007-10-03 22:18   9,984   --a------   C:\WINDOWS\system32\drivers\Amps2prt.sys
2007-10-03 22:18   7,424   --a------   C:\WINDOWS\system32\drivers\Arfumftr.sys
2007-10-03 22:18   5,120   --a------   C:\WINDOWS\system32\drivers\Amfilter.sys
2007-10-03 15:55   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Corel
2007-10-03 15:29   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2007-10-03 11:47   <DIR>   d--------   C:\Program Files\Audacity
2007-10-03 11:11   <DIR>   d--------   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 15:15   ---------   d-----w   C:\Program Files\AutoConnect
2007-11-02 15:14   ---------   d-----w   C:\Program Files\cFosSpeed
2007-11-01 18:20   ---------   d-----w   C:\Program Files\Common Files\Ahead
2007-10-28 15:22   360,576   ----a-w   C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-28 15:22   360,576   ----a-w   C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-22 09:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-16 08:03   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-09 13:52   ---------   d-----w   C:\Program Files\iDesk
2007-10-05 08:58   ---------   d-----w   C:\Program Files\Ashampoo
2007-10-03 11:50   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-01 10:59   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\ATI
2007-09-27 16:39   ---------   d-----w   C:\Program Files\Thomson
2007-09-27 13:32   ---------   d-----w   C:\Program Files\Multimedia Keyboard Driver
2007-09-26 22:40   ---------   d-----w   C:\Program Files\SubEdit-Player
2007-09-26 21:02   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Spik
2007-09-25 15:19   685,816   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2007-09-24 16:27   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Desktop Sidebar
2007-09-22 17:04   10,944   ----a-w   C:\WINDOWS\BYEFISH.EXE
2007-09-22 14:32   ---------   d-----w   C:\Program Files\Switch Off
2007-09-19 09:17   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Download Master
2007-09-19 09:03   ---------   d-----w   C:\Program Files\Opera
2007-09-15 20:08   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Hamachi
2007-09-15 18:57   ---------   d-----w   C:\Documents and Settings\MOPSERDAK\Dane aplikacji\Xfire
2007-09-13 23:24   106,496   ----a-w   C:\WINDOWS\DIIUnin.exe
2007-09-13 21:24   ---------   d-----w   C:\Program Files\Hamachi
2007-09-13 21:23   25,544   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copy Handler"="C:\Program Files\Copy Handler\ch.exe" [2005-01-31 15:18]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"WireLessKeyboard"="C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe" [2005-11-30 11:48]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 05:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-06-22 16:31]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 13:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 22:41]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-07-29 20:05:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MOPSERDAK^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\MOPSERDAK\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Master]
C:\Program Files\Download Master\dmaster.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
"C:\Program Files\Desktop Sidebar\dsidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
C:\WINDOWS\system32\svhosti.exe

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 ACEDRV09;ACEDRV09;\??\C:\WINDOWS\system32\drivers\ACEDRV09.sys
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys
S3 dump_wmimmc;dump_wmimmc;\??\D:\Flyff\GameGuard\dump_wmimmc.sys
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe"
S3 NTProcDrv;Process creation detector for NT.;\??\D:\Folder Tymczasowy\silk\isro\sroboten1.70\NtProcDrv.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 16:15:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 16:15:47 - machine was rebooted
.
   --- E O F ---


log z hijackthis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:10, on 02-11-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
D:\Folder Tymczasowy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - D:\playery\media juke box\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C30AA850-37C1-4DBC-95E2-508C196C1945}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 5033 bytes


[Mike]

NTF => Bezpieczeństwo

[wojtas]

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

skasuj te wpisy w hijacku"

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)