http://img89.imageshack.us/my.php?image=scr1ow3.png
EDIT.
znalazłem jeszcze jeden błąd... jezeli chce otworzyc pliki jakiegokolwiek dysku wyskakuje taki blad:
http://img100.imageshack.us/my.php?image=scr2gl1.jpg
Jak to naprawić?
Z góry dzięki.
Aktualizacje na programosy.pl:
TubeDigger • Eusing Free Registry Cleaner • Syncovery • Free YouTube to MP3 Converter • Argente Utilities • Chromium • Kaspersky Rescue Disk • Vim • reaConverter Lite
-
- Ogłoszenie:
z svchost.exe przy uruchamianiu systemu
10 posty(ów) • Strona 1 z 1
z svchost.exe przy uruchamianiu systemu
przez Tiger_92 23 Lut 2008, 16:31
http://img89.imageshack.us/my.php?image=scr1ow3.png
EDIT.
znalazłem jeszcze jeden błąd... jezeli chce otworzyc pliki jakiegokolwiek dysku wyskakuje taki blad:
http://img100.imageshack.us/my.php?image=scr2gl1.jpg
Jak to naprawić?
Z góry dzięki.
intel core 2 quad 2,4 q6600 ||| 4gb ddr2 geile ||| geforce 8800gtx 768 mb 384 bit ||| asus p4kse
- Tiger_92
- ~user
- Posty: 112
- Dołączenie: 30 Wrz 2006, 17:43
przez kahoona 23 Lut 2008, 16:41
Wyleczyć z wirusów, które tam są.
Zacznij od tego:
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
Poproś jeszcze "kogoś z rodziny", żeby sobie oczyścił z wirusów pendrive - i zrezygnował z Avasta.
Zacznij od tego:
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
Poproś jeszcze "kogoś z rodziny", żeby sobie oczyścił z wirusów pendrive - i zrezygnował z Avasta.
...no to żegnam... i kropka.
- kahoona
- ~user
- Posty: 5637
- Dołączenie: 24 Kwi 2006, 10:19
- Pochwały: 475
przez Tiger_92 23 Lut 2008, 16:48
Prosze, oto log:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:44, on 2008-02-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Documents and Settings\User\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce2.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C55887-C7E7-43C4-A1C9-0E4498B99717}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
--
End of file - 8952 bytes
intel core 2 quad 2,4 q6600 ||| 4gb ddr2 geile ||| geforce 8800gtx 768 mb 384 bit ||| asus p4kse
- Tiger_92
- ~user
- Posty: 112
- Dołączenie: 30 Wrz 2006, 17:43
-
przez Dzi@dek 23 Lut 2008, 17:48
Na razie usuwasz wpisy w hijackthis:
Daj nowe logi z Combofix oraz Hijackthis.
Przenosze do działu bezpieczeństwo.
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Daj nowe logi z Combofix oraz Hijackthis.
Przenosze do działu bezpieczeństwo.
- Dzi@dek
- ^zasłużony
- Posty: 3854
- Dołączenie: 11 Gru 2006, 20:18
- Miejscowość: Warszawa
- Pochwały: 210
-
przez Tiger_92 23 Lut 2008, 18:35
HijackThis:
Combofix:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:37, on 2008-02-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C55887-C7E7-43C4-A1C9-0E4498B99717}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
--
End of file - 7663 bytes
Combofix:
- Kod: Zaznacz wszystko
ComboFix 08-02-23.2 - User 2008-02-23 17:30:57.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.797 [GMT 1:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]04C5C37
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]04C79A3
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]04C7E56.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]04C84BE.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]04C8952.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\svchost.exe
C:\WINDOWS\autorun.inf
D:\Autorun.inf
E:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.cőj
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-02-23 17:20 . 2007-05-09 12:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-02-23 16:52 . 2008-02-23 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 16:52 . 2008-02-23 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 18:15 . 2008-02-21 18:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-21 18:14 . 2008-02-21 18:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-21 18:14 . 2008-02-21 18:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-20 18:21 . 2008-02-20 18:21 1,409 --a------ C:\WINDOWS\system32\tmp150B4.FOT
2008-02-20 18:20 . 2008-02-07 20:15 11,042 --a------ C:\SVCHOST.EXE-16C7D411.pf
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-02-13 09:08 . 2008-02-13 09:13 <DIR> d-------- C:\Program Files\Winamp
2008-02-13 09:08 . 2008-02-13 09:14 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Winamp
2008-02-13 09:07 . 2008-02-13 09:07 9,347,728 --a------ C:\winamp552_full_emusic-7plus_pl-pl.exe
2008-02-09 21:50 . 2008-02-23 16:07 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\skypePM
2008-02-09 21:50 . 2008-02-09 21:50 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-09 21:46 . 2008-02-23 16:53 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Program Files\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-09 21:44 . 2008-02-09 21:44 22,589,736 --a------ C:\SkypeSetup.exe
2008-02-09 20:42 . 2008-02-09 20:42 <DIR> d-------- C:\Program Files\Google
2008-02-09 12:54 . 2008-02-09 12:54 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-02-09 12:48 . 2008-02-09 12:48 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-09 12:48 . 2008-02-23 16:37 <DIR> d-------- C:\Documents and Settings\User\Gadu-Gadu
2008-02-09 12:47 . 2008-02-09 12:47 4,349,168 --a------ C:\gg77.exe
2008-02-09 10:47 . 2008-02-09 10:47 <DIR> d--hs---- C:\Documents and Settings\User\UserData
2008-02-09 10:46 . 2008-02-09 10:46 <DIR> d-------- C:\Program Files\Avira
2008-02-09 10:46 . 2008-02-09 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-02-09 10:29 . 2008-02-09 10:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-09 10:29 . 2008-02-09 10:29 <DIR> d-------- C:\Program Files\RALINK
2008-02-09 10:29 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-02-09 10:29 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-02-09 10:29 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2008-02-09 10:29 . 2008-02-09 10:29 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-02-09 10:29 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2008-02-01 15:22 . 2008-02-01 15:22 <DIR> d-------- C:\Program Files\Blackthrone
2008-01-31 13:15 . 2008-01-31 13:15 <DIR> d-------- C:\Program Files\TameStorm
2008-01-30 17:56 . 2008-01-30 17:56 1,409 --a------ C:\WINDOWS\system32\tmp821C1.FOT
2008-01-26 21:46 . 2008-01-26 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2008-01-26 10:58 . 2008-01-27 20:33 1 --a------ C:\s_pov.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 16:29 --------- d-----w C:\Program Files\TAXI MADNESS USA
2008-01-22 09:05 --------- d-----w C:\Program Files\nfsunderground 2
2008-01-22 09:04 --------- d-----w C:\Program Files\Nowy folder
2008-01-20 11:35 --------- d-----w C:\Program Files\EA GAMES
2008-01-20 11:16 --------- d-----w C:\Program Files\EA SPORTS
2008-01-18 16:01 --------- d-----w C:\Program Files\nfs carbon
2008-01-17 10:41 --------- d-----w C:\Program Files\Double
2008-01-14 12:08 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Creative
2008-01-14 12:03 --------- d-----w C:\Program Files\Creative
2008-01-14 11:50 --------- d-----w C:\Program Files\Common Files\YDP
2008-01-12 13:12 --------- d-----w C:\Program Files\Tennis Elbow 2005
2008-01-12 13:11 --------- d-----w C:\Program Files\Ice Cream Tycoon Deluxe
2008-01-12 12:08 --------- d-----w C:\Program Files\SubEdit-Player
2008-01-12 10:21 --------- d-----w C:\Program Files\Insane
2008-01-08 13:24 --------- d-----w C:\Program Files\Warlords Battlecry II Demo
2008-01-06 11:13 --------- d-----w C:\Program Files\ICE-Land2 Demo
2008-01-04 20:20 --------- d-----w C:\Program Files\Fishtank Interactive
2008-01-04 20:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 12:36 --------- d-----w C:\Program Files\FOX Jones
2008-01-03 20:14 --------- d-----w C:\Program Files\Managed DirectX (0901)
2008-01-02 16:51 --------- d-----w C:\Program Files\Kubus3D
2008-01-02 16:32 --------- d-----w C:\Program Files\Cartall
2008-01-02 16:32 --------- d-----w C:\Program Files\Borland
2008-01-02 16:28 --------- d-----w C:\Program Files\Prawo Jazdy 2004
2008-01-02 16:20 --------- d-----w C:\Program Files\InterActive Vision
2007-12-28 20:33 --------- d-----w C:\Program Files\Disney Interactive
2007-12-24 16:18 --------- d-----w C:\Program Files\Bob Buduje Park
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A5899B52-3AF9-4F56-85FE-AD7B3BE8490F}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{37B85A29-692B-4205-9CAD-2626E4993404}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-09 20:42 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:25 21686568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 03:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 16:42 933888]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-29 08:24 282624]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-09 11:01 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-05-11 17:20:22 634880]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-09 10:29:58 614400]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-06-03 20:00:58 802816]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Codemasters\\ToCA Race Driver 2\\RD2.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\WadiBasher\\WadiBasher.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Program Files\\Insane\\Game.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"C:\\Documents and Settings\\User\\Pulpit\\nasze ulubione gry\\fifa2005.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 17:33:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-23 17:34:01
ComboFix-quarantined-files.txt 2008-02-23 16:33:59
.
2008-02-22 07:04:43 --- E O F ---
intel core 2 quad 2,4 q6600 ||| 4gb ddr2 geile ||| geforce 8800gtx 768 mb 384 bit ||| asus p4kse
- Tiger_92
- ~user
- Posty: 112
- Dołączenie: 30 Wrz 2006, 17:43
-
przez kahoona 23 Lut 2008, 18:44
Pobierz i uruchom
tytułem wstępu. Dziwne, że Avira pozwoliła na dokonanie wpisów.
fix w HJ!
Folder
usuń w trybie awaryjnym z wyłączonym przywracaniem systemu.
tytułem wstępu. Dziwne, że Avira pozwoliła na dokonanie wpisów.
- Kod: Zaznacz wszystko
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\[color=red]MyGlobalSearch[/color]\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\[color=red]MyGlobalSearch[/color]\bar\1.bin\MGSBAR.DLL
fix w HJ!
Folder
- Kod: Zaznacz wszystko
C:\Program Files\MyGlobalSearch
usuń w trybie awaryjnym z wyłączonym przywracaniem systemu.
Ostatnio edytowany przez kahoona, 23 Lut 2008, 18:52, edytowano w sumie 1 raz
...no to żegnam... i kropka.
- kahoona
- ~user
- Posty: 5637
- Dołączenie: 24 Kwi 2006, 10:19
- Pochwały: 475
-
przez Dzi@dek 23 Lut 2008, 18:49
Zastosuj:
http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
Usun wpisy w hijackthis:
Otwórz notatnik i wklej:
Plik
Zapisz jako... CFScript - najlepiej jeśli zapiszesz w
takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe 
Potwierdz zresetuje sie komputer.
Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.
Daj nowe logi z Combofix oraz Hijackthis.
http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
Usun wpisy w hijackthis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Otwórz notatnik i wklej:
File::
C:\SVCHOST.EXE-16C7D411.pf
C:\WINDOWS\system32\tmp821C1.FOT
Plik
Zapisz jako... CFScript - najlepiej jeśli zapiszesz w
takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik
ComboFix.exe
Potwierdz
zresetuje sie komputer.
Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.
Daj nowe logi z Combofix oraz Hijackthis.
- Dzi@dek
- ^zasłużony
- Posty: 3854
- Dołączenie: 11 Gru 2006, 20:18
- Miejscowość: Warszawa
- Pochwały: 210
-
przez Tiger_92 23 Lut 2008, 19:05
Combofix:
HijackThis:
- Kod: Zaznacz wszystko
ComboFix 08-02-23.2 - User 2008-02-23 18:02:08.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.801 [GMT 1:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\SVCHOST.EXE-16C7D411.pf
C:\WINDOWS\system32\tmp821C1.FOT
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SVCHOST.EXE-16C7D411.pf
C:\WINDOWS\system32\tmp821C1.FOT
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-23 17:20 . 2008-02-23 17:34 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-02-23 17:20 . 2007-05-09 12:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-02-23 17:20 . 2007-05-09 14:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-02-23 16:52 . 2008-02-23 16:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 16:52 . 2008-02-23 16:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 18:15 . 2008-02-21 18:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-21 18:14 . 2008-02-21 18:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-21 18:14 . 2008-02-21 18:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-20 18:21 . 2008-02-20 18:21 1,409 --a------ C:\WINDOWS\system32\tmp150B4.FOT
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-02-13 09:12 . 2008-02-13 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-02-13 09:08 . 2008-02-13 09:13 <DIR> d-------- C:\Program Files\Winamp
2008-02-13 09:08 . 2008-02-13 09:14 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Winamp
2008-02-13 09:07 . 2008-02-13 09:07 9,347,728 --a------ C:\winamp552_full_emusic-7plus_pl-pl.exe
2008-02-09 21:50 . 2008-02-23 17:38 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\skypePM
2008-02-09 21:50 . 2008-02-09 21:50 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-09 21:46 . 2008-02-23 17:49 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Program Files\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-09 21:44 . 2008-02-09 21:44 22,589,736 --a------ C:\SkypeSetup.exe
2008-02-09 20:42 . 2008-02-09 20:42 <DIR> d-------- C:\Program Files\Google
2008-02-09 12:54 . 2008-02-09 12:54 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-02-09 12:48 . 2008-02-09 12:48 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-09 12:48 . 2008-02-23 16:37 <DIR> d-------- C:\Documents and Settings\User\Gadu-Gadu
2008-02-09 12:47 . 2008-02-09 12:47 4,349,168 --a------ C:\gg77.exe
2008-02-09 10:47 . 2008-02-09 10:47 <DIR> d--hs---- C:\Documents and Settings\User\UserData
2008-02-09 10:46 . 2008-02-09 10:46 <DIR> d-------- C:\Program Files\Avira
2008-02-09 10:46 . 2008-02-09 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-02-09 10:29 . 2008-02-09 10:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-09 10:29 . 2008-02-09 10:29 <DIR> d-------- C:\Program Files\RALINK
2008-02-09 10:29 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-02-09 10:29 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-02-09 10:29 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2008-02-09 10:29 . 2008-02-09 10:29 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2008-02-09 10:29 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-02-09 10:29 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2008-02-01 15:22 . 2008-02-01 15:22 <DIR> d-------- C:\Program Files\Blackthrone
2008-01-31 13:15 . 2008-01-31 13:15 <DIR> d-------- C:\Program Files\TameStorm
2008-01-26 21:46 . 2008-01-26 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2008-01-26 10:58 . 2008-01-27 20:33 1 --a------ C:\s_pov.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 16:29 --------- d-----w C:\Program Files\TAXI MADNESS USA
2008-01-22 09:05 --------- d-----w C:\Program Files\nfsunderground 2
2008-01-22 09:04 --------- d-----w C:\Program Files\Nowy folder
2008-01-20 11:35 --------- d-----w C:\Program Files\EA GAMES
2008-01-20 11:16 --------- d-----w C:\Program Files\EA SPORTS
2008-01-18 16:01 --------- d-----w C:\Program Files\nfs carbon
2008-01-17 10:41 --------- d-----w C:\Program Files\Double
2008-01-14 12:08 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Creative
2008-01-14 12:03 --------- d-----w C:\Program Files\Creative
2008-01-14 11:50 --------- d-----w C:\Program Files\Common Files\YDP
2008-01-12 13:12 --------- d-----w C:\Program Files\Tennis Elbow 2005
2008-01-12 13:11 --------- d-----w C:\Program Files\Ice Cream Tycoon Deluxe
2008-01-12 12:08 --------- d-----w C:\Program Files\SubEdit-Player
2008-01-12 10:21 --------- d-----w C:\Program Files\Insane
2008-01-08 13:24 --------- d-----w C:\Program Files\Warlords Battlecry II Demo
2008-01-06 11:13 --------- d-----w C:\Program Files\ICE-Land2 Demo
2008-01-04 20:20 --------- d-----w C:\Program Files\Fishtank Interactive
2008-01-04 20:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 12:36 --------- d-----w C:\Program Files\FOX Jones
2008-01-03 20:14 --------- d-----w C:\Program Files\Managed DirectX (0901)
2008-01-02 16:51 --------- d-----w C:\Program Files\Kubus3D
2008-01-02 16:32 --------- d-----w C:\Program Files\Cartall
2008-01-02 16:32 --------- d-----w C:\Program Files\Borland
2008-01-02 16:28 --------- d-----w C:\Program Files\Prawo Jazdy 2004
2008-01-02 16:20 --------- d-----w C:\Program Files\InterActive Vision
2007-12-28 20:33 --------- d-----w C:\Program Files\Disney Interactive
2007-12-24 16:18 --------- d-----w C:\Program Files\Bob Buduje Park
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A5899B52-3AF9-4F56-85FE-AD7B3BE8490F}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-09 20:42 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:25 21686568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 03:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 16:42 933888]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-29 08:24 282624]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-09 11:01 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-05-11 17:20:22 634880]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-09 10:29:58 614400]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-06-03 20:00:58 802816]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Codemasters\\ToCA Race Driver 2\\RD2.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\WadiBasher\\WadiBasher.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Program Files\\Insane\\Game.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"C:\\Documents and Settings\\User\\Pulpit\\nasze ulubione gry\\fifa2005.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 18:03:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-23 18:04:08
ComboFix-quarantined-files.txt 2008-02-23 17:04:06
ComboFix2.txt 2008-02-23 16:34:01
.
2008-02-22 07:04:43 --- E O F ---
HijackThis:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:11, on 2008-02-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Pulpit\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C55887-C7E7-43C4-A1C9-0E4498B99717}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
--
End of file - 7172 bytes
intel core 2 quad 2,4 q6600 ||| 4gb ddr2 geile ||| geforce 8800gtx 768 mb 384 bit ||| asus p4kse
- Tiger_92
- ~user
- Posty: 112
- Dołączenie: 30 Wrz 2006, 17:43
-
przez Dzi@dek 23 Lut 2008, 19:17
Czysto.
Usuń tylko zbędniki w autostarcie.
Start-uruchom- msconfig [enter] - zakładka uruchamianie-odznacz niepotrzebne programy ładujące sie w autostarcie.
Usuń tylko zbędniki w autostarcie.
Start-uruchom- msconfig [enter] - zakładka uruchamianie-odznacz niepotrzebne programy ładujące sie w autostarcie.
- Dzi@dek
- ^zasłużony
- Posty: 3854
- Dołączenie: 11 Gru 2006, 20:18
- Miejscowość: Warszawa
- Pochwały: 210
-
przez Tiger_92 23 Lut 2008, 19:19
Ok, wszystko fajnie działa.... dzieki wielkie ;]
intel core 2 quad 2,4 q6600 ||| 4gb ddr2 geile ||| geforce 8800gtx 768 mb 384 bit ||| asus p4kse
- Tiger_92
- ~user
- Posty: 112
- Dołączenie: 30 Wrz 2006, 17:43
-
10 posty(ów) • Strona 1 z 1
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 19 gości