assurbanipal, posted 30 July 2007
I caught this nasty thing and nothing helps. I used Spybot - Search & Destroy, Ad-Aware SE Personal, a-squared Free, sargui .... and this dialer still shows up every time the computer is started again;
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:06, on 2007-07-30 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:WINDOWSSystem32CTHELPER.EXE C:WINDOWSsystem32spoolsv.exe C:Program Filesa-squared Freea2service.exe C:WINDOWSSystem32nvsvc32.exe C:WINDOWSVTTrayp.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program Filesa-squared Freea2free.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%VTTrayp.exe O2 - BHO: Yahoo!
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:PROGRA~1BEARSH~1BEARSH~2MediaBar.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare applicationsBearShare MediaBarMediaBar.dll (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O4 - HKLM..Run: [avast!] 
C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe -- End of file - 4621 bytes
CatchMe, comment 30 July 2007
The log is clean. In HijackThis, remove:
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:PROGRA~1BEARSH~1BEARSH~2MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare applicationsBearShare MediaBarMediaBar.dll (file missing)
- Paste the log from ComboFix.
assurbanipal (Author), comment 30 July 2007
Sorry, but I'll post a new log, because the previous one was made after temporarily removing the beast.
ComboFix 07-07-30.2 - "damian" 2007-07-30 21:26:26.2 [GMT 2:00] - FAT32 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.Prawda ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 ))))))))))))))))))))))))))))))) 2007-07-30 21:24 52,224 C:x3a3x4q7p6u3.exe 2007-07-30 21:17 51,200 --a------ C:WINDOWSnircmd.exe 2007-07-30 21:06 <DIR> d-------- C:Program FilesTrend Micro 2007-07-30 20:42 <DIR> d--hs---- C:FOUND.009 2007-07-30 20:33 <DIR> d-------- C:DOCUME~1damianDANEAP~1Help 2007-07-30 20:15 <DIR> d-------- C:SOPHTEMP 2007-07-30 19:09 <DIR> d-------- C:Program Filesa-squared Free 2007-07-30 18:48 <DIR> d-------- C:DOCUME~1damianDANEAP~1Lavasoft 2007-07-30 18:46 <DIR> d-------- C:Program FilesLavasoft 2007-07-30 18:20 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy 2007-07-29 17:55 <DIR> d--hs---- C:FOUND.008 2007-07-29 10:36 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys 2007-07-29 10:36 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys 2007-07-29 10:36 43,528 --------- C:WINDOWSsystem32driversPxHelp20.sys 2007-07-29 10:36 129,784 --------- C:WINDOWSsystem32pxafs.dll 2007-07-29 10:33 <DIR> d-------- C:Program FilesWinamp 2007-07-28 16:10 <DIR> d--hs---- C:FOUND.007 2007-07-28 11:07 588,288 -r-hs---- C:WINDOWSVTTrayp.exe 2007-07-26 17:25 <DIR> d-------- C:Program FilesGadu-Gadu 2007-07-26 17:11 <DIR> d--hs---- C:FOUND.006 2007-07-25 20:57 <DIR> d--hs---- C:FOUND.005 2007-07-25 18:17 <DIR> d-------- C:DOCUME~1justynaDANEAP~1WinRAR 2007-07-24 15:42 <DIR> d--hs---- C:FOUND.004 2007-07-24 13:34 <DIR> d-------- C:Program FilesBitLord 2007-07-23 16:11 <DIR> d--hs---- C:FOUND.003 2007-07-23 13:47 <DIR> d-------- C:Program FilesHLSW 2007-07-23 10:58 <DIR> d--hs---- C:FOUND.002 2007-07-22 19:01 <DIR> d-------- C:DOCUME~1justynaDANEAP~1MEGAUPLOADTOOLBAR 2007-07-22 12:06 <DIR> d--------
C:Program FilesMegauploadToolbar 2007-07-22 12:06 <DIR> d-------- C:DOCUME~1damianDANEAP~1MegauploadToolbar 2007-07-21 15:56 <DIR> d-------- C:Program FilesMarBit 2007-07-21 14:48 182,880 --a------ C:WINDOWSsystem32iuengine.dll 2007-07-21 11:47 <DIR> d-------- C:DOCUME~1justynaDANEAP~1Hamachi 2007-07-20 22:46 <DIR> d-------- C:My Downloads 2007-07-20 22:46 <DIR> d-------- C:DOCUME~1damianDANEAP~1BearShare 2007-07-20 12:15 <DIR> d--h----- C:WINDOWSsystem32GroupPolicy 2007-07-20 12:12 25,544 --a------ C:WINDOWSsystem32drivershamachi.sys 2007-07-20 12:12 <DIR> d-------- C:DOCUME~1damianDANEAP~1Hamachi 2007-07-20 12:07 <DIR> d--hs---- C:FOUND.001 2007-07-19 22:52 <DIR> d-------- C:Program FilesBearShare Applications 2007-07-19 22:52 <DIR> d-------- C:DOCUME~1justynaDANEAP~1BearShare 2007-07-19 20:05 <DIR> d--hs---- C:FOUND.000 2007-07-19 12:39 <DIR> d-------- C:WINDOWSRegisteredPackages 2007-07-19 12:38 98,816 --a------ C:WINDOWSsystem32dmstyle.dll 2007-07-19 12:38 974,848 --a------ C:WINDOWSsystem32dxdiag.exe 2007-07-19 12:38 83,968 --a------ C:WINDOWSsystem32driversnabtsfec.sys 2007-07-19 12:38 80,896 --a------ C:WINDOWSsystem32dpvsetup.exe 2007-07-19 12:38 8,192 --a------ C:WINDOWSsystem32d3d8thk.dll 2007-07-19 12:38 797,184 --a------ C:WINDOWSsystem32d3dim700.dll 2007-07-19 12:38 79,360 --a------ C:WINDOWSsystem32dpwsockx.dll 2007-07-19 12:38 77,824 --a------ C:WINDOWSsystem32dpmodemx.dll 2007-07-19 12:38 76,800 --a------ C:WINDOWSsystem32dmscript.dll 2007-07-19 12:38 733,184 --a------ C:WINDOWSsystem32qedwipes.dll 2007-07-19 12:38 723,968 --a------ C:WINDOWSsystem32dpnet.dll 2007-07-19 12:38 7,424 --a------ C:WINDOWSsystem32driversmskssrv.sys 2007-07-19 12:38 68,096 --a------ C:WINDOWSsystem32dpnhupnp.dll 2007-07-19 12:38 64,512 --a------ C:WINDOWSsystem32amstream.dll 2007-07-19 12:38 602,624 --a------ C:WINDOWSsystem32dx7vb.dll 2007-07-19 12:38 58,368 --a------ C:WINDOWSsystem32dmcompos.dll 2007-07-19 12:38 52,096 --a------ C:WINDOWSsystem32driversmsdv.sys 
2007-07-19 12:38 5,504 --a------ C:WINDOWSsystem32driversmstee.sys 2007-07-19 12:38 5,248 --a------ C:WINDOWSsystem32driversmspclock.sys 2007-07-19 12:38 491,520 --a------ C:WINDOWSsystem32dsdmoprp.dll 2007-07-19 12:38 48,512 --a------ C:WINDOWSsystem32driversstream.sys 2007-07-19 12:38 470,528 --a------ C:WINDOWSsystem32qdvd.dll 2007-07-19 12:38 47,104 --a------ C:WINDOWSsystem32wstdecod.dll 2007-07-19 12:38 46,592 --a------ C:WINDOWSsystem32dxdllreg.exe 2007-07-19 12:38 4,608 --a------ C:WINDOWSsystem32driversmspqm.sys 2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32ksuser.dll 2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32driversswenum.sys 2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dsound.dll 2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dpvoice.dll 2007-07-19 12:38 354,816 --a------ C:WINDOWSsystem32psisdecd.dll 2007-07-19 12:38 34,304 --a------ C:WINDOWSsystem32mciqtz32.dll 2007-07-19 12:38 33,280 --a------ C:WINDOWSsystem32dmloader.dll 2007-07-19 12:38 324,096 --a------ C:WINDOWSsystem32mswebdvd.dll 2007-07-19 12:38 32,768 --a------ C:WINDOWSsystem32dpnhpast.dll 2007-07-19 12:38 316,928 --a------ C:WINDOWSsystem32qdv.dll 2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnlobby.dll 2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnaddr.dll 2007-07-19 12:38 292,864 --a------ C:WINDOWSsystem32ddraw.dll 2007-07-19 12:38 28,160 --a------ C:WINDOWSsystem32dplaysvr.exe 2007-07-19 12:38 27,136 --a------ C:WINDOWSsystem32dmband.dll 2007-07-19 12:38 257,024 --a------ C:WINDOWSsystem32qcap.dll 2007-07-19 12:38 24,064 --a------ C:WINDOWSsystem32ddrawex.dll 2007-07-19 12:38 230,400 --a------ C:WINDOWSsystem32dplayx.dll 2007-07-19 12:38 19,968 --a------ C:WINDOWSsystem32dpvacm.dll 2007-07-19 12:38 186,880 --a------ C:WINDOWSsystem32dsdmo.dll 2007-07-19 12:38 181,248 --a------ C:WINDOWSsystem32dmime.dll 2007-07-19 12:38 18,944 --a------ C:WINDOWSsystem32encapi.dll 2007-07-19 12:38 18,688 --a------ C:WINDOWSsystem32driverswstcodec.sys 2007-07-19 
12:38 18,432 --a------ C:WINDOWSsystem32dswave.dll 2007-07-19 12:38 16,896 --a------ C:WINDOWSsystem32msyuv.dll 2007-07-19 12:38 16,896 --a------ C:WINDOWSsystem32dpnsvr.exe 2007-07-19 12:38 16,384 --a------ C:WINDOWSsystem32driversccdecode.sys 2007-07-19 12:38 15,104 --a------ C:WINDOWSsystem32driversmpe.sys 2007-07-19 12:38 14,976 --a------ C:WINDOWSsystem32driversstreamip.sys 2007-07-19 12:38 132,608 --a------ C:WINDOWSsystem32devenum.dll 2007-07-19 12:38 130,304 --a------ C:WINDOWSsystem32driversks.sys 2007-07-19 12:38 13,312 --a------ C:WINDOWSsystem32msdmo.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-30 21:23 42496 --a------ C:WINDOWSsystem32ftp.exe 2007-07-30 21:23 16896 --a------ C:WINDOWSsystem32tftp.exe 2007-07-30 20:40 685 --a------ C:WINDOWSsystem32driversfwdrv.err 2007-07-28 11:07 133632 --a------ C:WINDOWSsystem32sfc_os.dll 2007-07-20 12:29 49492 --a------ C:WINDOWSsystem32perfc015.dat 2007-07-20 12:29 355486 --a------ C:WINDOWSsystem32perfh015.dat --------- C:Program FilesUsługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:WINDOWSsystem32CTHELPER.EXE] R1 fwdrv;Firewall Driver;C:WINDOWSSystem32driversfwdrv.sys R1 khips;Kerio HIPS Driver;C:WINDOWSSystem32driverskhips.sys R2 S3 Graphics Co., Ltd.;S3 Graphics Co., Ltd.;"C:WINDOWSVTTrayp.exe" R2 SPF4;Sunbelt Personal Firewall 4;C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:WINDOWSSystem32DRIVERSfetnd5.sys S3 ctljystk;Port gier dla karty Creative SB Live!;C:WINDOWSSystem32DRIVERSctljystk.sys S3 MEMSWEEP2;MEMSWEEP2;??C:WINDOWSSystem322.tmp 
************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-30 21:29:10 Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-30 21:30:51 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:32:38, on 2007-07-30 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:WINDOWSSystem32CTHELPER.EXE C:WINDOWSsystem32spoolsv.exe C:Program Filesa-squared Freea2service.exe C:WINDOWSSystem32nvsvc32.exe C:WINDOWSVTTrayp.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:WINDOWSexplorer.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe -- End of file - 4096 bytes
assurbanipal (Author), comment 30 July 2007
I always delete that, as well as the one in the network connections, del .... but it camouflages itself somewhere and regenerates. The little programs mentioned above also detect it, along with a few more files related to it, but despite removing them, after a restart it comes back like a phoenix from the ashes.
assurbanipal (Author), comment 30 July 2007
CatchMe, thanks, I'll try tomorrow, because this is happening on my nephew's computer and I'm already back at my own place right now. Tomorrow I'll write how it worked out.
[ Added: 2007-07-31, 12:07 ]
Unfortunately the problem has not been solved. Interestingly, this file C:x3a3x4q7p6u3.exe does not appear in safe mode. In safe mode I scanned with avast and the little programs listed in the first post; they found and removed something, but after Windows starts again the beast is back. One more thing: a friend of mine also had this pest and formatted the Windows partition and, surprisingly, it was there again ... only formatting all the partitions helped him. We, however, want to avoid that. I'm posting the logs again.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:25, on 2007-07-31 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:WINDOWSSystem32CTHELPER.EXE C:WINDOWSsystem32spoolsv.exe C:Program Filesa-squared Freea2service.exe C:WINDOWSSystem32nvsvc32.exe C:WINDOWSVTTrayp.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%VTTrayp.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O4 - HKLM..Run: [avast!] 
C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: S3 Graphics Co., Ltd. 
- Unknown owner - C:WINDOWSVTTrayp.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe -- End of file - 4244 bytes --------------- ComboFix 07-07-30.2 - "damian" 2007-07-31 12:13:35.3 [GMT 2:00] - FAT32 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.Prawda ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 ))))))))))))))))))))))))))))))) 2007-07-31 12:13 51,200 --a------ C:WINDOWSnircmd.exe 2007-07-31 12:09 <DIR> d-------- C:Program FilesOpera 2007-07-31 12:09 <DIR> d-------- C:DOCUME~1damianDANEAP~1Opera 2007-07-31 11:56 52,224 C:x3a3x4q7p6u3.exe 2007-07-31 11:14 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Lavasoft 2007-07-31 10:49 786,432 --ah----- C:DOCUME~1ADMINI~1NTUSER.DAT 2007-07-31 10:49 <DIR> dr-h----- C:DOCUME~1ADMINI~1Dane aplikacji 2007-07-31 10:49 <DIR> dr------- C:DOCUME~1ADMINI~1Menu Start 2007-07-31 10:49 <DIR> d--h----- C:DOCUME~1ADMINI~1Ustawienia lokalne 2007-07-31 10:49 <DIR> d--h----- C:DOCUME~1ADMINI~1Szablony 2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Ulubione 2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Pulpit 2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Moje dokumenty 2007-07-30 23:07 588,288 --a------ C:WINDOWSsystem32vzl.exe 2007-07-30 21:06 <DIR> d-------- C:Program FilesTrend Micro 2007-07-30 20:42 <DIR> d--hs---- C:FOUND.009 2007-07-30 20:33 <DIR> d-------- C:DOCUME~1damianDANEAP~1Help 2007-07-30 20:15 <DIR> d-------- C:SOPHTEMP 2007-07-30 19:09 <DIR> d-------- C:Program Filesa-squared Free 2007-07-30 18:48 <DIR> d-------- C:DOCUME~1damianDANEAP~1Lavasoft 2007-07-30 18:46 <DIR> d-------- C:Program FilesLavasoft 2007-07-30 18:20 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy 2007-07-29 17:55 <DIR> d--hs---- C:FOUND.008 2007-07-29 10:36 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys 2007-07-29 10:36 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys 2007-07-29 10:36 43,528 
--------- C:WINDOWSsystem32driversPxHelp20.sys 2007-07-29 10:36 129,784 --------- C:WINDOWSsystem32pxafs.dll 2007-07-29 10:33 <DIR> d-------- C:Program FilesWinamp 2007-07-28 16:10 <DIR> d--hs---- C:FOUND.007 2007-07-28 11:07 588,288 -r-hs---- C:WINDOWSVTTrayp.exe 2007-07-26 17:25 <DIR> d-------- C:Program FilesGadu-Gadu 2007-07-26 17:11 <DIR> d--hs---- C:FOUND.006 2007-07-25 20:57 <DIR> d--hs---- C:FOUND.005 2007-07-25 18:17 <DIR> d-------- C:DOCUME~1justynaDANEAP~1WinRAR 2007-07-24 15:42 <DIR> d--hs---- C:FOUND.004 2007-07-24 13:34 <DIR> d-------- C:Program FilesBitLord 2007-07-23 16:11 <DIR> d--hs---- C:FOUND.003 2007-07-23 13:47 <DIR> d-------- C:Program FilesHLSW 2007-07-23 10:58 <DIR> d--hs---- C:FOUND.002 2007-07-22 19:01 <DIR> d-------- C:DOCUME~1justynaDANEAP~1MEGAUPLOADTOOLBAR 2007-07-22 12:06 <DIR> d-------- C:Program FilesMegauploadToolbar 2007-07-22 12:06 <DIR> d-------- C:DOCUME~1damianDANEAP~1MegauploadToolbar 2007-07-21 15:56 <DIR> d-------- C:Program FilesMarBit 2007-07-21 14:48 182,880 --a------ C:WINDOWSsystem32iuengine.dll 2007-07-21 11:47 <DIR> d-------- C:DOCUME~1justynaDANEAP~1Hamachi 2007-07-20 22:46 <DIR> d-------- C:My Downloads 2007-07-20 22:46 <DIR> d-------- C:DOCUME~1damianDANEAP~1BearShare 2007-07-20 12:15 <DIR> d--h----- C:WINDOWSsystem32GroupPolicy 2007-07-20 12:12 25,544 --a------ C:WINDOWSsystem32drivershamachi.sys 2007-07-20 12:12 <DIR> d-------- C:DOCUME~1damianDANEAP~1Hamachi 2007-07-20 12:07 <DIR> d--hs---- C:FOUND.001 2007-07-19 22:52 <DIR> d-------- C:Program FilesBearShare Applications 2007-07-19 22:52 <DIR> d-------- C:DOCUME~1justynaDANEAP~1BearShare 2007-07-19 20:05 <DIR> d--hs---- C:FOUND.000 2007-07-19 12:39 <DIR> d-------- C:WINDOWSRegisteredPackages 2007-07-19 12:38 98,816 --a------ C:WINDOWSsystem32dmstyle.dll 2007-07-19 12:38 974,848 --a------ C:WINDOWSsystem32dxdiag.exe 2007-07-19 12:38 83,968 --a------ C:WINDOWSsystem32driversnabtsfec.sys 2007-07-19 12:38 80,896 --a------ C:WINDOWSsystem32dpvsetup.exe 2007-07-19 
12:38 8,192 --a------ C:WINDOWSsystem32d3d8thk.dll 2007-07-19 12:38 797,184 --a------ C:WINDOWSsystem32d3dim700.dll 2007-07-19 12:38 79,360 --a------ C:WINDOWSsystem32dpwsockx.dll 2007-07-19 12:38 77,824 --a------ C:WINDOWSsystem32dpmodemx.dll 2007-07-19 12:38 76,800 --a------ C:WINDOWSsystem32dmscript.dll 2007-07-19 12:38 733,184 --a------ C:WINDOWSsystem32qedwipes.dll 2007-07-19 12:38 723,968 --a------ C:WINDOWSsystem32dpnet.dll 2007-07-19 12:38 7,424 --a------ C:WINDOWSsystem32driversmskssrv.sys 2007-07-19 12:38 68,096 --a------ C:WINDOWSsystem32dpnhupnp.dll 2007-07-19 12:38 64,512 --a------ C:WINDOWSsystem32amstream.dll 2007-07-19 12:38 602,624 --a------ C:WINDOWSsystem32dx7vb.dll 2007-07-19 12:38 58,368 --a------ C:WINDOWSsystem32dmcompos.dll 2007-07-19 12:38 52,096 --a------ C:WINDOWSsystem32driversmsdv.sys 2007-07-19 12:38 5,504 --a------ C:WINDOWSsystem32driversmstee.sys 2007-07-19 12:38 5,248 --a------ C:WINDOWSsystem32driversmspclock.sys 2007-07-19 12:38 491,520 --a------ C:WINDOWSsystem32dsdmoprp.dll 2007-07-19 12:38 48,512 --a------ C:WINDOWSsystem32driversstream.sys 2007-07-19 12:38 470,528 --a------ C:WINDOWSsystem32qdvd.dll 2007-07-19 12:38 47,104 --a------ C:WINDOWSsystem32wstdecod.dll 2007-07-19 12:38 46,592 --a------ C:WINDOWSsystem32dxdllreg.exe 2007-07-19 12:38 4,608 --a------ C:WINDOWSsystem32driversmspqm.sys 2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32ksuser.dll 2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32driversswenum.sys 2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dsound.dll 2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dpvoice.dll 2007-07-19 12:38 354,816 --a------ C:WINDOWSsystem32psisdecd.dll 2007-07-19 12:38 34,304 --a------ C:WINDOWSsystem32mciqtz32.dll 2007-07-19 12:38 33,280 --a------ C:WINDOWSsystem32dmloader.dll 2007-07-19 12:38 324,096 --a------ C:WINDOWSsystem32mswebdvd.dll 2007-07-19 12:38 32,768 --a------ C:WINDOWSsystem32dpnhpast.dll 2007-07-19 12:38 316,928 --a------ C:WINDOWSsystem32qdv.dll 
2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnlobby.dll 2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnaddr.dll 2007-07-19 12:38 292,864 --a------ C:WINDOWSsystem32ddraw.dll 2007-07-19 12:38 28,160 --a------ C:WINDOWSsystem32dplaysvr.exe 2007-07-19 12:38 27,136 --a------ C:WINDOWSsystem32dmband.dll 2007-07-19 12:38 257,024 --a------ C:WINDOWSsystem32qcap.dll 2007-07-19 12:38 24,064 --a------ C:WINDOWSsystem32ddrawex.dll 2007-07-19 12:38 230,400 --a------ C:WINDOWSsystem32dplayx.dll 2007-07-19 12:38 19,968 --a------ C:WINDOWSsystem32dpvacm.dll 2007-07-19 12:38 186,880 --a------ C:WINDOWSsystem32dsdmo.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-31 11:56 42496 --a------ C:WINDOWSsystem32ftp.exe 2007-07-31 11:56 16896 --a------ C:WINDOWSsystem32tftp.exe 2007-07-31 11:31 1310 --a------ C:WINDOWSsystem32driversfwdrv.err 2007-07-28 11:07 133632 --a------ C:WINDOWSsystem32sfc_os.dll 2007-07-20 12:29 49492 --a------ C:WINDOWSsystem32perfc015.dat 2007-07-20 12:29 355486 --a------ C:WINDOWSsystem32perfh015.dat --------- C:Program FilesUsługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42] "CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:WINDOWSsystem32CTHELPER.EXE] R1 fwdrv;Firewall Driver;C:WINDOWSSystem32driversfwdrv.sys R1 khips;Kerio HIPS Driver;C:WINDOWSSystem32driverskhips.sys R2 S3 Graphics Co., Ltd.;S3 Graphics Co., Ltd.;"C:WINDOWSVTTrayp.exe" R2 SPF4;Sunbelt Personal Firewall 4;C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:WINDOWSSystem32DRIVERSfetnd5.sys S3 ctljystk;Port gier dla karty Creative SB Live!;C:WINDOWSSystem32DRIVERSctljystk.sys 
************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-31 12:16:08 Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-31 12:17:40 --- E O F ---
[ Added: 2007-08-01, 00:06 ]
Hey, I edited the post and put up new logs.
CatchMe, comment 1 August 2007
Block the ports with the programs WWDC and Seconfig XP.
Download and run the tool: The Avenger
Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:
Files to delete:
C:WINDOWSVTTrayp.exe
C:WINDOWSsystem32vzl.exe
C:x3a3x4q7p6u3.exe
Folders to delete:
C:Program FilesYahoo!
Click Done, then the green light, and agree to the restart by clicking OK.
After the restart, remove this entry/these entries in HijackThis:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
Paste on the forum the report: C:avenger.txt + the log from HijackThis + the log from Silent Runners + the log from ComboFix.
assurbanipal (Author), comment 1 August 2007
I did everything you recommended. After the removal this program no longer appears; avast removed some more remnants of it. There is just one problem. When Windows loads after switching on, a message pops up: the system cannot find the file C:windowsVTTrayp.exe. Can this be turned off somehow, because it is annoying? New logs:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:00:48, on 2007-08-01 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.exe C:WINDOWSsystem32spoolsv.exe C:Program Filesa-squared Freea2service.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:WINDOWSSystem32CTHELPER.EXE C:Program FilesJavajre1.6.0_02binjusched.exe C:WINDOWSSystem32nvsvc32.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%VTTrayp.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe" O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binnpjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binnpjpi160_02.dll O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe (file missing) O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe -- End of file - 4563 bytes -----------------------------------------------------------------------------------
CatchMe, comment, 1 August 2007

Start -> Run -> type: services.msc

Find the service S3 Graphics Co., Ltd, then stop and disable it.

In HijackThis, delete:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe (file missing)
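
Added example, not part of the original thread or of any tool named in it: a small Python check that lists HijackThis entries still pointing at files that are gone, meaning entries marked (no file) or (file missing) plus entries that name a file from the Avenger delete list. The sample lines are copied from the 1 August log above with path separators restored; the function and variable names are illustrative assumptions.

```python
import re

# Entries copied from the 2007-08-01 HijackThis log in this thread (backslashes restored).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Files named in the Avenger "Files to delete" script earlier in the thread.
DELETED = [r"C:\WINDOWS\VTTrayp.exe", r"C:\WINDOWS\system32\vzl.exe",
           r"C:\x3a3x4q7p6u3.exe"]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O23 - ..."
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")  # HijackThis's own markers
FILE_TOKEN = re.compile(r"[^\s\"]+\.(?:exe|dll|ocx)\b", re.I)


def basename(path):
    """Lower-cased last path component, accepting either slash style."""
    return re.split(r"[\\/]", path)[-1].lower()


def orphaned_entries(log_text, deleted_files):
    """Return (section, reason, line) for entries whose target is gone."""
    deleted = {basename(p) for p in deleted_files}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process path, or blank line
        section, body = match.groups()
        if MISSING.search(body):
            findings.append((section, "target missing", line))
        elif {basename(tok) for tok in FILE_TOKEN.findall(body)} & deleted:
            findings.append((section, "references deleted file", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in orphaned_entries(SAMPLE_LOG, DELETED):
        print(f"{section:<4}{reason:<26}{line}")
```

The function only reports; whether a listed entry should be removed is still a manual decision made in HijackThis or services.msc.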