
Red wrote: enclosed in tags
Red wrote: read how to do it:
http://forum.programosy.pl/hijackthis-gtobsuga-i-umieszczanie-loga-vt9452.html
Second, post a screenshot of the avast message.
StartupList report, 2006-02-15, 18:37:10
StartupList version: 1.52.2
Started from : E:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.344\HijackThis.EXE
Detected: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
E:\Programy\Avast4\ashDisp.exe
E:\Programy\A4Tech\Mouse\Amoumain.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Programy\Logitech\Video\LogiTray.exe
E:\WINDOWS\System32\msnplus.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Programy\Gadu-Gadu\gg.exe
E:\Programy\eMule\emule.exe
E:\Programy\Logitech\Video\FxSvr2.exe
E:\Programy\Avast4\aswUpdSv.exe
E:\Programy\Avast4\ashServ.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\win32ssr.exe
E:\Programy\Mozilla Firefox\firefox.exe
E:\Programy\Avast4\ashWebSv.exe
E:\Programy\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\mansor.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Programy\WinRAR\WinRAR.exe
E:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.344\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = E:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
HP Software Update = E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
DeviceDiscovery = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
HPDJ Taskbar Utility = E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
avast! = E:\Programy\Avast4\ashDisp.exe
WheelMouse = E:\Programy\A4Tech\Mouse\Amoumain.exe
NeroFilterCheck = E:\WINDOWS\System32\NeroCheck.exe
LVCOMSX = E:\WINDOWS\System32\LVCOMSX.EXE
LogitechVideoRepair = E:\Programy\Logitech\Video\ISStart.exe
LogitechVideoTray = E:\Programy\Logitech\Video\LogiTray.exe
AdobeReaderPro = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AdobeReaderPro = msnplus.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = E:\WINDOWS\System32\ctfmon.exe
Gadu-Gadu = "E:\Programy\Gadu-Gadu\gg.exe" /tray
LogitechSoftwareUpdate = E:\Programy\Logitech\Video\ManifestEngine.exe boot
Eyeball Chat = "E:\Programy\EYEBAL~1\EyeballChat.exe" -min
eMuleAutoStart = E:\Programy\eMule\emule.exe -AutoStart
--------------------------------------------------
Shell & screensaver key from E:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=E:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - E:\Programy\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: E:\WINDOWS\system32\SHELL32.dll
CDBurn: E:\WINDOWS\system32\SHELL32.dll
WebCheck: E:\WINDOWS\System32\webcheck.dll
SysTray: E:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 5 051 bytes
Report generated in 0,030 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Logfile of HijackThis v1.99.1
Scan saved at 18:18:18, on 2006-02-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
E:\Programy\Avast4\ashDisp.exe
E:\Programy\A4Tech\Mouse\Amoumain.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Programy\Logitech\Video\LogiTray.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Programy\Gadu-Gadu\gg.exe
E:\Programy\Logitech\Video\FxSvr2.exe
E:\Programy\Avast4\aswUpdSv.exe
E:\Programy\Avast4\ashServ.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\win32ssr.exe
E:\Programy\Mozilla Firefox\firefox.exe
E:\Programy\Avast4\ashMaiSv.exe
E:\Programy\Avast4\ashWebSv.exe
E:\Programy\BearShare\BearShare.exe
E:\WINDOWS\System32\msnplus.exe
E:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
E:\Programy\WinRAR\WinRAR.exe
E:\Programy\WinRAR\WinRAR.exe
E:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.623\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] E:\Programy\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programy\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programy\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnplus.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnplus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programy\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Eyeball Chat] "E:\Programy\EYEBAL~1\EyeballChat.exe" -min
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Programy\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{A228FBBF-6063-4DB0-9C69-6294DE219022}: NameServer = 195.205.252.2,195.205.252.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programy\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cyberz mansor (mansor) - Unknown owner - E:\WINDOWS\mansor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Win32Sr - Unknown owner - E:\WINDOWS\win32ssr.exe
E:\WINDOWS\System32\msnplus.exe
E:\WINDOWS\win32ssr.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnplus.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnplus.exe
O23 - Service: cyberz mansor (mansor) - Unknown owner - E:\WINDOWS\mansor.exe
O23 - Service: Win32Sr - Unknown owner - E:\WINDOWS\win32ssr.exe