
Problem getting rid of Win32:Dialer-970 [Trj]

assurbanipal
created

I caught this nasty thing and nothing helps. I used Spybot - Search & Destroy, Ad-Aware SE Personal, a-squared Free, sargui .... and this dialer still shows up when the computer is started again:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06, on 2007-07-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSExplorer.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSSystem32CTHELPER.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program Filesa-squared Freea2service.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSVTTrayp.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program Filesa-squared Freea2free.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%VTTrayp.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:PROGRA~1BEARSH~1BEARSH~2MediaBar.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare applicationsBearShare MediaBarMediaBar.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll

O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

--

End of file - 4621 bytes

CatchMe
comment

The log is clean.

In HijackThis, remove:

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:PROGRA~1BEARSH~1BEARSH~2MediaBar.dll (file missing)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare applicationsBearShare MediaBarMediaBar.dll (file missing)

- Paste the ComboFix log.

assurbanipal
comment

Sorry, but I'll post a new log, because that one was taken after the beast had been temporarily removed :D

ComboFix 07-07-30.2 - "damian" 2007-07-30 21:26:26.2 [GMT 2:00] - FAT32

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))

2007-07-30 21:24 52,224 C:x3a3x4q7p6u3.exe

2007-07-30 21:17 51,200 --a------ C:WINDOWSnircmd.exe

2007-07-30 21:06 <DIR> d-------- C:Program FilesTrend Micro

2007-07-30 20:42 <DIR> d--hs---- C:FOUND.009

2007-07-30 20:33 <DIR> d-------- C:DOCUME~1damianDANEAP~1Help

2007-07-30 20:15 <DIR> d-------- C:SOPHTEMP

2007-07-30 19:09 <DIR> d-------- C:Program Filesa-squared Free

2007-07-30 18:48 <DIR> d-------- C:DOCUME~1damianDANEAP~1Lavasoft

2007-07-30 18:46 <DIR> d-------- C:Program FilesLavasoft

2007-07-30 18:20 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy

2007-07-29 17:55 <DIR> d--hs---- C:FOUND.008

2007-07-29 10:36 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys

2007-07-29 10:36 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys

2007-07-29 10:36 43,528 --------- C:WINDOWSsystem32driversPxHelp20.sys

2007-07-29 10:36 129,784 --------- C:WINDOWSsystem32pxafs.dll

2007-07-29 10:33 <DIR> d-------- C:Program FilesWinamp

2007-07-28 16:10 <DIR> d--hs---- C:FOUND.007

2007-07-28 11:07 588,288 -r-hs---- C:WINDOWSVTTrayp.exe

2007-07-26 17:25 <DIR> d-------- C:Program FilesGadu-Gadu

2007-07-26 17:11 <DIR> d--hs---- C:FOUND.006

2007-07-25 20:57 <DIR> d--hs---- C:FOUND.005

2007-07-25 18:17 <DIR> d-------- C:DOCUME~1justynaDANEAP~1WinRAR

2007-07-24 15:42 <DIR> d--hs---- C:FOUND.004

2007-07-24 13:34 <DIR> d-------- C:Program FilesBitLord

2007-07-23 16:11 <DIR> d--hs---- C:FOUND.003

2007-07-23 13:47 <DIR> d-------- C:Program FilesHLSW

2007-07-23 10:58 <DIR> d--hs---- C:FOUND.002

2007-07-22 19:01 <DIR> d-------- C:DOCUME~1justynaDANEAP~1MEGAUPLOADTOOLBAR

2007-07-22 12:06 <DIR> d-------- C:Program FilesMegauploadToolbar

2007-07-22 12:06 <DIR> d-------- C:DOCUME~1damianDANEAP~1MegauploadToolbar

2007-07-21 15:56 <DIR> d-------- C:Program FilesMarBit

2007-07-21 14:48 182,880 --a------ C:WINDOWSsystem32iuengine.dll

2007-07-21 11:47 <DIR> d-------- C:DOCUME~1justynaDANEAP~1Hamachi

2007-07-20 22:46 <DIR> d-------- C:My Downloads

2007-07-20 22:46 <DIR> d-------- C:DOCUME~1damianDANEAP~1BearShare

2007-07-20 12:15 <DIR> d--h----- C:WINDOWSsystem32GroupPolicy

2007-07-20 12:12 25,544 --a------ C:WINDOWSsystem32drivershamachi.sys

2007-07-20 12:12 <DIR> d-------- C:DOCUME~1damianDANEAP~1Hamachi

2007-07-20 12:07 <DIR> d--hs---- C:FOUND.001

2007-07-19 22:52 <DIR> d-------- C:Program FilesBearShare Applications

2007-07-19 22:52 <DIR> d-------- C:DOCUME~1justynaDANEAP~1BearShare

2007-07-19 20:05 <DIR> d--hs---- C:FOUND.000

2007-07-19 12:39 <DIR> d-------- C:WINDOWSRegisteredPackages

2007-07-19 12:38 98,816 --a------ C:WINDOWSsystem32dmstyle.dll

2007-07-19 12:38 974,848 --a------ C:WINDOWSsystem32dxdiag.exe

2007-07-19 12:38 83,968 --a------ C:WINDOWSsystem32driversnabtsfec.sys

2007-07-19 12:38 80,896 --a------ C:WINDOWSsystem32dpvsetup.exe

2007-07-19 12:38 8,192 --a------ C:WINDOWSsystem32d3d8thk.dll

2007-07-19 12:38 797,184 --a------ C:WINDOWSsystem32d3dim700.dll

2007-07-19 12:38 79,360 --a------ C:WINDOWSsystem32dpwsockx.dll

2007-07-19 12:38 77,824 --a------ C:WINDOWSsystem32dpmodemx.dll

2007-07-19 12:38 76,800 --a------ C:WINDOWSsystem32dmscript.dll

2007-07-19 12:38 733,184 --a------ C:WINDOWSsystem32qedwipes.dll

2007-07-19 12:38 723,968 --a------ C:WINDOWSsystem32dpnet.dll

2007-07-19 12:38 7,424 --a------ C:WINDOWSsystem32driversmskssrv.sys

2007-07-19 12:38 68,096 --a------ C:WINDOWSsystem32dpnhupnp.dll

2007-07-19 12:38 64,512 --a------ C:WINDOWSsystem32amstream.dll

2007-07-19 12:38 602,624 --a------ C:WINDOWSsystem32dx7vb.dll

2007-07-19 12:38 58,368 --a------ C:WINDOWSsystem32dmcompos.dll

2007-07-19 12:38 52,096 --a------ C:WINDOWSsystem32driversmsdv.sys

2007-07-19 12:38 5,504 --a------ C:WINDOWSsystem32driversmstee.sys

2007-07-19 12:38 5,248 --a------ C:WINDOWSsystem32driversmspclock.sys

2007-07-19 12:38 491,520 --a------ C:WINDOWSsystem32dsdmoprp.dll

2007-07-19 12:38 48,512 --a------ C:WINDOWSsystem32driversstream.sys

2007-07-19 12:38 470,528 --a------ C:WINDOWSsystem32qdvd.dll

2007-07-19 12:38 47,104 --a------ C:WINDOWSsystem32wstdecod.dll

2007-07-19 12:38 46,592 --a------ C:WINDOWSsystem32dxdllreg.exe

2007-07-19 12:38 4,608 --a------ C:WINDOWSsystem32driversmspqm.sys

2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32ksuser.dll

2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32driversswenum.sys

2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dsound.dll

2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dpvoice.dll

2007-07-19 12:38 354,816 --a------ C:WINDOWSsystem32psisdecd.dll

2007-07-19 12:38 34,304 --a------ C:WINDOWSsystem32mciqtz32.dll

2007-07-19 12:38 33,280 --a------ C:WINDOWSsystem32dmloader.dll

2007-07-19 12:38 324,096 --a------ C:WINDOWSsystem32mswebdvd.dll

2007-07-19 12:38 32,768 --a------ C:WINDOWSsystem32dpnhpast.dll

2007-07-19 12:38 316,928 --a------ C:WINDOWSsystem32qdv.dll

2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnlobby.dll

2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnaddr.dll

2007-07-19 12:38 292,864 --a------ C:WINDOWSsystem32ddraw.dll

2007-07-19 12:38 28,160 --a------ C:WINDOWSsystem32dplaysvr.exe

2007-07-19 12:38 27,136 --a------ C:WINDOWSsystem32dmband.dll

2007-07-19 12:38 257,024 --a------ C:WINDOWSsystem32qcap.dll

2007-07-19 12:38 24,064 --a------ C:WINDOWSsystem32ddrawex.dll

2007-07-19 12:38 230,400 --a------ C:WINDOWSsystem32dplayx.dll

2007-07-19 12:38 19,968 --a------ C:WINDOWSsystem32dpvacm.dll

2007-07-19 12:38 186,880 --a------ C:WINDOWSsystem32dsdmo.dll

2007-07-19 12:38 181,248 --a------ C:WINDOWSsystem32dmime.dll

2007-07-19 12:38 18,944 --a------ C:WINDOWSsystem32encapi.dll

2007-07-19 12:38 18,688 --a------ C:WINDOWSsystem32driverswstcodec.sys

2007-07-19 12:38 18,432 --a------ C:WINDOWSsystem32dswave.dll

2007-07-19 12:38 16,896 --a------ C:WINDOWSsystem32msyuv.dll

2007-07-19 12:38 16,896 --a------ C:WINDOWSsystem32dpnsvr.exe

2007-07-19 12:38 16,384 --a------ C:WINDOWSsystem32driversccdecode.sys

2007-07-19 12:38 15,104 --a------ C:WINDOWSsystem32driversmpe.sys

2007-07-19 12:38 14,976 --a------ C:WINDOWSsystem32driversstreamip.sys

2007-07-19 12:38 132,608 --a------ C:WINDOWSsystem32devenum.dll

2007-07-19 12:38 130,304 --a------ C:WINDOWSsystem32driversks.sys

2007-07-19 12:38 13,312 --a------ C:WINDOWSsystem32msdmo.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 21:23 42496 --a------ C:WINDOWSsystem32ftp.exe

2007-07-30 21:23 16896 --a------ C:WINDOWSsystem32tftp.exe

2007-07-30 20:40 685 --a------ C:WINDOWSsystem32driversfwdrv.err

2007-07-28 11:07 133632 --a------ C:WINDOWSsystem32sfc_os.dll

2007-07-20 12:29 49492 --a------ C:WINDOWSsystem32perfc015.dat

2007-07-20 12:29 355486 --a------ C:WINDOWSsystem32perfh015.dat

--------- C:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]

"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:WINDOWSsystem32CTHELPER.EXE]

R1 fwdrv;Firewall Driver;C:WINDOWSSystem32driversfwdrv.sys

R1 khips;Kerio HIPS Driver;C:WINDOWSSystem32driverskhips.sys

R2 S3 Graphics Co., Ltd.;S3 Graphics Co., Ltd.;"C:WINDOWSVTTrayp.exe"

R2 SPF4;Sunbelt Personal Firewall 4;C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:WINDOWSSystem32DRIVERSfetnd5.sys

S3 ctljystk;Port gier dla karty Creative SB Live!;C:WINDOWSSystem32DRIVERSctljystk.sys

S3 MEMSWEEP2;MEMSWEEP2;??C:WINDOWSSystem322.tmp

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-30 21:29:10

Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-30 21:30:51

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:32:38, on 2007-07-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSSystem32CTHELPER.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program Filesa-squared Freea2service.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSVTTrayp.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:WINDOWSexplorer.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll

O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

--

End of file - 4096 bytes

CatchMe
comment

C:x3a3x4q7p6u3.exe - delete it

assurbanipal
comment

:D I always delete that one, and also in the network connections del .... but it camouflages itself somewhere and comes back :)

The little programs mentioned above also detect it, plus a few more files related to it, but despite removing them, after a restart it comes back like a phoenix from the ashes. :(

CatchMe
comment

In safe mode ...

assurbanipal
comment

CatchMe, thanks, I'll try tomorrow, because this is happening on my nephew's computer and right now I'm already back at my place. Tomorrow I'll write how it worked out :)

[ Added: 2007-07-31, 12:07 ]

Unfortunately the problem has not been solved. Interestingly, the file C:x3a3x4q7p6u3.exe does not appear in safe mode. In safe mode I scanned with avast and with the little programs listed in the first post, and they found and removed something, but after starting Windows again the beast is back.

And one more thing: a friend of mine also had this pest and formatted the partition with Windows, and surprisingly it was there again ... only formatting all the partitions helped him. We, however, want to avoid that. I'm posting the logs again.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:25, on 2007-07-31

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSExplorer.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSSystem32CTHELPER.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program Filesa-squared Freea2service.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSVTTrayp.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%VTTrayp.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll

O17 - HKLMSystemCCSServicesTcpip..{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:WINDOWSVTTrayp.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

--

End of file - 4244 bytes

---------------

ComboFix 07-07-30.2 - "damian" 2007-07-31 12:13:35.3 [GMT 2:00] - FAT32

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))

2007-07-31 12:13 51,200 --a------ C:WINDOWSnircmd.exe

2007-07-31 12:09 <DIR> d-------- C:Program FilesOpera

2007-07-31 12:09 <DIR> d-------- C:DOCUME~1damianDANEAP~1Opera

2007-07-31 11:56 52,224 C:x3a3x4q7p6u3.exe

2007-07-31 11:14 <DIR> d-------- C:DOCUME~1ADMINI~1DANEAP~1Lavasoft

2007-07-31 10:49 786,432 --ah----- C:DOCUME~1ADMINI~1NTUSER.DAT

2007-07-31 10:49 <DIR> dr-h----- C:DOCUME~1ADMINI~1Dane aplikacji

2007-07-31 10:49 <DIR> dr------- C:DOCUME~1ADMINI~1Menu Start

2007-07-31 10:49 <DIR> d--h----- C:DOCUME~1ADMINI~1Ustawienia lokalne

2007-07-31 10:49 <DIR> d--h----- C:DOCUME~1ADMINI~1Szablony

2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Ulubione

2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Pulpit

2007-07-31 10:49 <DIR> d-------- C:DOCUME~1ADMINI~1Moje dokumenty

2007-07-30 23:07 588,288 --a------ C:WINDOWSsystem32vzl.exe

2007-07-30 21:06 <DIR> d-------- C:Program FilesTrend Micro

2007-07-30 20:42 <DIR> d--hs---- C:FOUND.009

2007-07-30 20:33 <DIR> d-------- C:DOCUME~1damianDANEAP~1Help

2007-07-30 20:15 <DIR> d-------- C:SOPHTEMP

2007-07-30 19:09 <DIR> d-------- C:Program Filesa-squared Free

2007-07-30 18:48 <DIR> d-------- C:DOCUME~1damianDANEAP~1Lavasoft

2007-07-30 18:46 <DIR> d-------- C:Program FilesLavasoft

2007-07-30 18:20 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1Spybot - Search & Destroy

2007-07-29 17:55 <DIR> d--hs---- C:FOUND.008

2007-07-29 10:36 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys

2007-07-29 10:36 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys

2007-07-29 10:36 43,528 --------- C:WINDOWSsystem32driversPxHelp20.sys

2007-07-29 10:36 129,784 --------- C:WINDOWSsystem32pxafs.dll

2007-07-29 10:33 <DIR> d-------- C:Program FilesWinamp

2007-07-28 16:10 <DIR> d--hs---- C:FOUND.007

2007-07-28 11:07 588,288 -r-hs---- C:WINDOWSVTTrayp.exe

2007-07-26 17:25 <DIR> d-------- C:Program FilesGadu-Gadu

2007-07-26 17:11 <DIR> d--hs---- C:FOUND.006

2007-07-25 20:57 <DIR> d--hs---- C:FOUND.005

2007-07-25 18:17 <DIR> d-------- C:DOCUME~1justynaDANEAP~1WinRAR

2007-07-24 15:42 <DIR> d--hs---- C:FOUND.004

2007-07-24 13:34 <DIR> d-------- C:Program FilesBitLord

2007-07-23 16:11 <DIR> d--hs---- C:FOUND.003

2007-07-23 13:47 <DIR> d-------- C:Program FilesHLSW

2007-07-23 10:58 <DIR> d--hs---- C:FOUND.002

2007-07-22 19:01 <DIR> d-------- C:DOCUME~1justynaDANEAP~1MEGAUPLOADTOOLBAR

2007-07-22 12:06 <DIR> d-------- C:Program FilesMegauploadToolbar

2007-07-22 12:06 <DIR> d-------- C:DOCUME~1damianDANEAP~1MegauploadToolbar

2007-07-21 15:56 <DIR> d-------- C:Program FilesMarBit

2007-07-21 14:48 182,880 --a------ C:WINDOWSsystem32iuengine.dll

2007-07-21 11:47 <DIR> d-------- C:DOCUME~1justynaDANEAP~1Hamachi

2007-07-20 22:46 <DIR> d-------- C:My Downloads

2007-07-20 22:46 <DIR> d-------- C:DOCUME~1damianDANEAP~1BearShare

2007-07-20 12:15 <DIR> d--h----- C:WINDOWSsystem32GroupPolicy

2007-07-20 12:12 25,544 --a------ C:WINDOWSsystem32drivershamachi.sys

2007-07-20 12:12 <DIR> d-------- C:DOCUME~1damianDANEAP~1Hamachi

2007-07-20 12:07 <DIR> d--hs---- C:FOUND.001

2007-07-19 22:52 <DIR> d-------- C:Program FilesBearShare Applications

2007-07-19 22:52 <DIR> d-------- C:DOCUME~1justynaDANEAP~1BearShare

2007-07-19 20:05 <DIR> d--hs---- C:FOUND.000

2007-07-19 12:39 <DIR> d-------- C:WINDOWSRegisteredPackages

2007-07-19 12:38 98,816 --a------ C:WINDOWSsystem32dmstyle.dll

2007-07-19 12:38 974,848 --a------ C:WINDOWSsystem32dxdiag.exe

2007-07-19 12:38 83,968 --a------ C:WINDOWSsystem32driversnabtsfec.sys

2007-07-19 12:38 80,896 --a------ C:WINDOWSsystem32dpvsetup.exe

2007-07-19 12:38 8,192 --a------ C:WINDOWSsystem32d3d8thk.dll

2007-07-19 12:38 797,184 --a------ C:WINDOWSsystem32d3dim700.dll

2007-07-19 12:38 79,360 --a------ C:WINDOWSsystem32dpwsockx.dll

2007-07-19 12:38 77,824 --a------ C:WINDOWSsystem32dpmodemx.dll

2007-07-19 12:38 76,800 --a------ C:WINDOWSsystem32dmscript.dll

2007-07-19 12:38 733,184 --a------ C:WINDOWSsystem32qedwipes.dll

2007-07-19 12:38 723,968 --a------ C:WINDOWSsystem32dpnet.dll

2007-07-19 12:38 7,424 --a------ C:WINDOWSsystem32driversmskssrv.sys

2007-07-19 12:38 68,096 --a------ C:WINDOWSsystem32dpnhupnp.dll

2007-07-19 12:38 64,512 --a------ C:WINDOWSsystem32amstream.dll

2007-07-19 12:38 602,624 --a------ C:WINDOWSsystem32dx7vb.dll

2007-07-19 12:38 58,368 --a------ C:WINDOWSsystem32dmcompos.dll

2007-07-19 12:38 52,096 --a------ C:WINDOWSsystem32driversmsdv.sys

2007-07-19 12:38 5,504 --a------ C:WINDOWSsystem32driversmstee.sys

2007-07-19 12:38 5,248 --a------ C:WINDOWSsystem32driversmspclock.sys

2007-07-19 12:38 491,520 --a------ C:WINDOWSsystem32dsdmoprp.dll

2007-07-19 12:38 48,512 --a------ C:WINDOWSsystem32driversstream.sys

2007-07-19 12:38 470,528 --a------ C:WINDOWSsystem32qdvd.dll

2007-07-19 12:38 47,104 --a------ C:WINDOWSsystem32wstdecod.dll

2007-07-19 12:38 46,592 --a------ C:WINDOWSsystem32dxdllreg.exe

2007-07-19 12:38 4,608 --a------ C:WINDOWSsystem32driversmspqm.sys

2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32ksuser.dll

2007-07-19 12:38 4,096 --a------ C:WINDOWSsystem32driversswenum.sys

2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dsound.dll

2007-07-19 12:38 381,952 --a------ C:WINDOWSsystem32dpvoice.dll

2007-07-19 12:38 354,816 --a------ C:WINDOWSsystem32psisdecd.dll

2007-07-19 12:38 34,304 --a------ C:WINDOWSsystem32mciqtz32.dll

2007-07-19 12:38 33,280 --a------ C:WINDOWSsystem32dmloader.dll

2007-07-19 12:38 324,096 --a------ C:WINDOWSsystem32mswebdvd.dll

2007-07-19 12:38 32,768 --a------ C:WINDOWSsystem32dpnhpast.dll

2007-07-19 12:38 316,928 --a------ C:WINDOWSsystem32qdv.dll

2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnlobby.dll

2007-07-19 12:38 3,072 --a------ C:WINDOWSsystem32dpnaddr.dll

2007-07-19 12:38 292,864 --a------ C:WINDOWSsystem32ddraw.dll

2007-07-19 12:38 28,160 --a------ C:WINDOWSsystem32dplaysvr.exe

2007-07-19 12:38 27,136 --a------ C:WINDOWSsystem32dmband.dll

2007-07-19 12:38 257,024 --a------ C:WINDOWSsystem32qcap.dll

2007-07-19 12:38 24,064 --a------ C:WINDOWSsystem32ddrawex.dll

2007-07-19 12:38 230,400 --a------ C:WINDOWSsystem32dplayx.dll

2007-07-19 12:38 19,968 --a------ C:WINDOWSsystem32dpvacm.dll

2007-07-19 12:38 186,880 --a------ C:WINDOWSsystem32dsdmo.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 11:56 42496 --a------ C:WINDOWSsystem32ftp.exe

2007-07-31 11:56 16896 --a------ C:WINDOWSsystem32tftp.exe

2007-07-31 11:31 1310 --a------ C:WINDOWSsystem32driversfwdrv.err

2007-07-28 11:07 133632 --a------ C:WINDOWSsystem32sfc_os.dll

2007-07-20 12:29 49492 --a------ C:WINDOWSsystem32perfc015.dat

2007-07-20 12:29 355486 --a------ C:WINDOWSsystem32perfh015.dat

--------- C:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]

"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 C:WINDOWSsystem32CTHELPER.EXE]

R1 fwdrv;Firewall Driver;C:WINDOWSSystem32driversfwdrv.sys

R1 khips;Kerio HIPS Driver;C:WINDOWSSystem32driverskhips.sys

R2 S3 Graphics Co., Ltd.;S3 Graphics Co., Ltd.;"C:WINDOWSVTTrayp.exe"

R2 SPF4;Sunbelt Personal Firewall 4;C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:WINDOWSSystem32DRIVERSfetnd5.sys

S3 ctljystk;Port gier dla karty Creative SB Live!;C:WINDOWSSystem32DRIVERSctljystk.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-31 12:16:08

Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-31 12:17:40

--- E O F ---

[ Added: 2007-08-01, 00:06 ]

Hey, I edited the post and put up new logs :)

CatchMe
comment

Block the ports using the programs WWDC and Seconfig XP.

Download and run the tool: The Avenger

Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:

C:WINDOWSVTTrayp.exe

C:WINDOWSsystem32vzl.exe

C:x3a3x4q7p6u3.exe

Folders to delete:

C:Program FilesYahoo!

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove this entry/these entries in HijackThis:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll

Paste on the forum the report: C:avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log.
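An added example, not part of the original thread or of any tool mentioned in it: after files are deleted with a script like the one above, autostart entries that pointed at them stay in the registry, and this Python sketch cross-checks a HijackThis log against the deletion list to find them, along with entries HijackThis already marks `(file missing)` or `(no file)`. The sample log is constructed from entries seen in this thread, with the backslashes written out; the function names, reason labels and the `C:\WINDOWS` default are assumptions.

```python
import re

# Constructed sample modelled on the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Files named in the deletion script above (backslashes restored, an assumption).
DELETED = [r"C:\WINDOWS\VTTrayp.exe", r"C:\WINDOWS\system32\vzl.exe"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O23 - Service: ..."
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)


def normalise(text, windir=r"C:\WINDOWS"):
    """Expand %WINDIR% / %SystemRoot% and lowercase so paths compare equal."""
    # A callable replacement keeps the backslashes in windir literal.
    expanded = re.sub(r"%(?:windir|systemroot)%", lambda m: windir,
                      text, flags=re.IGNORECASE)
    return expanded.lower()


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, deleted_paths):
    """Flag entries that are orphaned or still reference a deleted file.

    Limitation: 8.3 short names (PROGRA~1 ...) are not resolved, so a deleted
    file referenced through a short path is only caught by the orphan marker.
    """
    deleted = [normalise(p) for p in deleted_paths]
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")            # HijackThis could not find the file
        if any(path in normalise(body) for path in deleted):
            reasons.append("deleted-target")      # points at a file we removed
        if code == "F2":
            shell = SHELL_RE.search(body)
            # The Shell value normally holds Explorer.exe only; anything
            # appended to it is started at every logon.
            if shell and any(tok.lower() != "explorer.exe"
                             for tok in shell.group(1).split()):
                reasons.append("shell-extra")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG, DELETED):
        print(f"{code:<4}{','.join(reasons):<28}{body}")
```

Entries flagged `deleted-target` or `shell-extra` are the ones to review in the next log after a cleanup, since the deleted file is gone but the reference that launches it is not.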

assurbanipal
comment

I did everything you recommended. After the removal this program no longer shows up; avast removed some more remnants of it.

There's just one problem. When Windows loads after switching on, a message pops up:

the system cannot find the file C:windowsVTTrayp.exe
Can this be turned off somehow, because it's annoying?

New logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00:48, on 2007-08-01

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDDE3F72-8C88-454B-AE49-97E3F3A224D5}: NameServer = 195.114.161.2,213.199.225.14

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe (file missing)

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--

End of file - 4563 bytes

-----------------------------------------------------------------------------------

CatchMe
comment

Start -> Run -> type: services.msc. Find the S3 Graphics Co., Ltd service, then stop and disable it.

In HijackThis, delete:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe (file missing)
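An added example, not part of the thread and not code from HijackThis or its authors: a small Python parser that lists the entries in a post-cleanup HijackThis log which still point at something that is gone, including a Shell= value that starts more than Explorer.exe. The sample lines come from the 2007-08-01 log above with path separators written in; the function names and the `removed` parameter are assumptions of this example.

```python
import re

# Sample lines taken from the 2007-08-01 HijackThis log in this thread
# (path separators written in). Everything else here is example code.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTrayp.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: S3 Graphics Co., Ltd. - Unknown owner - C:\WINDOWS\VTTrayp.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
SHELL = re.compile(r"Shell=(.*)$", re.IGNORECASE)

def parse(log):
    """Yield (section, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def leftovers(log, removed=()):
    """Return (section, reason, body) for entries that outlived their target:
    HijackThis' own '(no file)' / '(file missing)' markers, an F2 Shell=
    value naming more than Explorer.exe, or any entry that mentions a file
    listed in `removed` (names of files deleted during cleanup)."""
    removed = [name.lower() for name in removed]
    found = []
    for section, body in parse(log):
        low = body.lower()
        shell = SHELL.search(body) if section == "F2" else None
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            found.append((section, "target missing", body))
        elif shell and shell.group(1).strip().lower() != "explorer.exe":
            found.append((section, "extra shell program", body))
        elif any(name in low for name in removed):
            found.append((section, "references removed file", body))
    return found

if __name__ == "__main__":
    for section, reason, body in leftovers(SAMPLE_LOG, removed=["VTTrayp.exe"]):
        print(f"{section:<4}{reason:<26}{body}")
```

Run against a fresh log after each cleanup pass, an empty result means no autostart, shell, BHO, toolbar or service entry still refers to a deleted file.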
