
Trojan !! part 2

Topics on direct file sharing, i.e. p2p

Post by toxek1 » 09 Sep 2006, 20:47

I had an antivirus and it uninstalled badly. I have one - AVG.
SUPERAntiSpyware is a program for spyware, so it's fine.
I downloaded gmer and when it scans, the program shuts itself down after a few seconds!!
http://global.acer.com - I have an Acer laptop and this is their home page.

Logfile of HijackThis v1.99.1
Scan saved at 20:38:18, on 2006-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll

I don't know what you mean about msconfig. I don't know what to untick??

"Gator - have you been playing with the filthy Kazaa??" I don't know what that is, and Spybot didn't detect anything like that.
And what is http://www.instalki.pl/programy/Downloa ... yware.html, I think you gave the wrong
link.

Anyway, thanks for the help. :-]
toxek1
Forum member

Posts: 33
Joined: 09 Sep 2006, 14:32
Location: Olsztyn

Post by pp3088 » 09 Sep 2006, 21:05

Hmm, SuperAntispyware was on the list of spyware programs. A fake imitation. There are millions of those, to be removed.

Hm, you could have continued the thread there. Strange that all the O23s disappeared o.o

in msconfig disable
-SynTPLpr
-PHIME2002A
-SynTPEnh
-CoolSwitch
-SunJavaUpdateSched

Unneeded stuff clogging up autostart. This won't remove them, it just stops them from opening automatically every time the system boots.

Very strange that SASWinLogon is gone now. Is that definitely the whole log?? Hmm, gmer doesn't work, so we'll try something else for now: make a log with Silent Runners. Download it to your computer, run it, click "no", and wait for the "done" message. Paste the contents on the forum.

Silent Runners

3. Download this and run a scan

http://www.instalki.pl/programy/downloa ... yware.html

4. Paste the logs from HijackThis and Silent Runners ;P

As for those Arovax programs, they're supposedly clean, but ewido will replace them worthily; it certainly has a bigger database and slows things down less.

I repeat my questions

As for Dyfuca and Gain, they're not visible here

As for Dyfuca, check whether you have the file opimize.exe using Windows search :P
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
C:\Program Files\Acer\eRecovery\Monitor.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)


Do you know these??

Regards
As for the help, that's what we're here for.
pp3088
Active writer

Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by toxek1 » 09 Sep 2006, 21:34

I've already uninstalled SuperAntispyware.
In msconfig there were only SynTPLpr and SynTPEnh. The other 3 weren't there.
I have the free version of Ewido. You gave me a link to the trial, so which one am I supposed to have??

And that thing you asked whether I know was xampp (a server); I can't configure it ;-]

log from Silent Runners:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:\Program Files\Acer\Acer Arcade\PCMService.exe"" ["CyberLink Corp."]
"EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Inc"]
"ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
"eRecoveryService" = "C:\Program Files\Acer\eRecovery\Monitor.exe" ["acer Inc."]
"iPlusManager" = "C:\Program Files\iPlus\iPlusChecker.exe" [null data]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"LManager" = "C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" ["Dritek System Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice" ["Agnitum Ltd."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"Arovax Shield" = "C:\Program Files\Arovax Shield\ArovaxShield.exe -tray" ["Arovax, LLC"]
"Arovax AntiSpyware" = "C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s" ["Arovax"]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
\InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "CorelDRAW Shell Extension Component"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "D:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" ["Corel Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
-> {HKCU...CLSID} = "Desktop Manager"
\InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy"
-> {HKCU...CLSID} = "CD Burn Slideshow Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" ["GRISOFT, s.r.o."]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll" [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.ex" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" ["GRISOFT, s.r.o."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\tomek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\3DWORL~1.SCR" [file not found]


Startup items in "tomek" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
INFECTION WARNING! "Adobe Reader Speed Launch.lnk.disabled" [null data]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"At1" -> launches: "D:\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""C:\Program Files\xampp\apache\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"" [empty string]
EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
FileZilla Server FTP server, FileZilla Server, "C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe" ["FileZilla Project"]
mysql, mysql, ""C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql" [null data]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /service" ["Agnitum Ltd."]
RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 28 seconds, including 4 seconds for message boxes)

Log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:33:35, on 2006-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Wapster\AQQ\AQQ.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avant Browser\avant.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVMAILC.EXE (file missing)
O23 - Service: AVIRA Service (AVIRAService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVGUARD.EXE (file missing)
O23 - Service: AVIRA Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
toxek1
Forum member

Posts: 33
Joined: 09 Sep 2006, 14:32
Location: Olsztyn

Postprzez pp3088 » 09 Wrz 2006, 21:55

PostUA:


toxek1 napisał(a):HKLMSystemCurrentControlSetControlSession Manager
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.ex" [file not found], [MS], [file not found], [file not found]


start>>uruchom>>regedit>>HK LOCAL MACHINE>>systemcurent>>control ser>>control>> sesion manager>> mas zpo prawej wartość bootexcute>>prawoklik i daj modyfikuj>>usuń wszystko opróćz autocheck autochk *.
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName

Potrzebne ci te prgoramy??


O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVMAILC.EXE (file missing)
O23 - Service: AVIRA Service (AVIRAService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVGUARD.EXE (file missing)
O23 - Service: AVIRA Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Remove the leftover services + the antivirus in safe mode (F8 during system startup).

Hmm, does the scanner still detect those trojans?? If so, give the locations :P
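An added example (not code from the thread, from HijackThis or from the instalki.pl helpers) that does the leftover-service triage from the post above in Python: it parses the O23 lines and cross-checks every "(file missing)" service against the "Running processes" section, because HijackThis 1.99 prints a quoted ImagePath with arguments (Apache2, mysql in these logs) as missing even though the binary is plainly running, while the AVIRA entries are genuine remains of an uninstalled product. The sample log is constructed from the thread's own entries; the four-way classification is this example's heuristic, and "verify" means check the file on disk before touching the service key.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in HijackThis 1.99.1 format; paths as in the thread's logs.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe

O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVIRA Service (AVIRAService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVGUARD.EXE (file missing)
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
"""

# O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    display: str
    image: str          # image path text exactly as HijackThis printed it
    exe: str            # executable file name, lower-cased, e.g. "apache.exe"
    file_missing: bool  # HijackThis appended "(file missing)"
    quoted: bool        # stray '"' after the .exe: quoted ImagePath with arguments


def exe_name(image: str) -> str:
    """Executable file name from an O23 image path or a process line."""
    # HijackThis 1.99 drops the opening quote of a quoted ImagePath, so the
    # closing quote lands right after the .exe: cut there first.
    exe_part = image.split('"', 1)[0].strip()
    return exe_part.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; any other HijackThis line yields None."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    image = m.group("image")
    return ServiceEntry(
        display=m.group("display"),
        image=image,
        exe=exe_name(image),
        file_missing=m.group("missing") is not None,
        quoted='"' in image,
    )


def running_exes(log: str) -> Set[str]:
    """Executable names listed under 'Running processes:' (up to the blank line)."""
    exes: Set[str] = set()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            exes.add(exe_name(line))
    return exes


def triage(log: str) -> Dict[str, List[str]]:
    """Bucket O23 entries by what the '(file missing)' verdict is worth.

    running:  flagged, but the same .exe is in the process list, so the flag is
              HijackThis misreading a quoted ImagePath (Apache2, mysql): keep it.
    verify:   flagged, not running, path quoted or %VAR%-relative: check on disk.
    orphaned: flagged, plain path, not running: leftover of an uninstalled
              product (the AVIRA services here); the service key can go.
    """
    running = running_exes(log)
    out: Dict[str, List[str]] = {"ok": [], "running": [], "verify": [], "orphaned": []}
    for raw in log.splitlines():
        entry = parse_o23(raw)
        if entry is None:
            continue
        if not entry.file_missing:
            bucket = "ok"
        elif entry.exe in running:
            bucket = "running"
        elif entry.quoted or entry.image.startswith("%"):
            bucket = "verify"
        else:
            bucket = "orphaned"
        out[bucket].append(entry.display)
    return out
```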

Post by toxek1 » 10 Sep 2006, 10:05

Deleted it from the registry. Now the computer even boots faster. Thanks ;-]

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe - that one is needed.

""O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"" - those I don't know ;-(

And here's the log once more:

Logfile of HijackThis v1.99.1
Scan saved at 09:56:59, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVMAILC.EXE (file missing)
O23 - Service: AVIRA Service (AVIRAService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVGUARD.EXE (file missing)
O23 - Service: AVIRA Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)



I have AVG and it detects nothing, but when I scan with that paid one it shows me:

Obiekt "troj/taladra-f BackDoor" został znaleziony w systemie plików!
Obiekt "gain.gator Spyware/Adware" został znaleziony w systemie plików!
Obiekt "conducent flexpak Spyware/Adware" został znaleziony w systemie plików!
Obiekt "dyfuca Spyware/Adware" został znaleziony w systemie plików!


And in the report there is this entry:

Sat Sep 09 16:56:23 2006 => System found infected with troj/taladra-f BackDoor ({e7bc34a3-ba86-11cf-84b1-cbc2da68bf6c})! Action taken: Nie podjęto działania.

Anyway, thanks for the help. You're a cool guy ;-]
I'm also on the dobreprogramy.pl forum and nobody helped me there.
Nobody gave a d... about me !!
Thanks for the help.
Instalki is the best !!

Post by pp3088 » 10 Sep 2006, 11:13

Thank you very much for the kind words.

Hmm, now the longer part. start>>run>>regedit>>delete these entries

HKLocalMachine>>>system>>CurrentControlSet>>Services>>NTAuth
HKCurrentRoot>>CLSID>>(E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C)
HKCurrentRoot>>Interface>>(E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C)
HKCurrentRoot>>Interface>>(E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C)
HKCurrentRoot>>NTService.Control.1
HKCurrentRoot>>TypeLib>>(E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C)

that's the first way out, or


http://www.instalki.pl/programy/downloa ... Tools.html download this,
install it, pick option 1, then tools >>registry finder>> and paste the characters from inside those braces {}

Then delete the file in C:\Windows\, most likely in system: look for the file ntsvc.ocx and delete it; if you get access denied, treat it with this: https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-dyskowe/unlocker/

or start>>run>>cmd>>type RD /S /Q C:\WINDOWS\SYSTEM\ntsvc.ocx
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVMAILC.EXE (file missing)
O23 - Service: AVIRA Service (AVIRAService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVGUARD.EXE (file missing)
O23 - Service: AVIRA Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)


They're still there :/ Do this: start>>run>>msconfig>>Services tab and untick avira service, avira update, cyberlink richvideo, avira Mail, Ave Security, Remote Packet Capture Protocol v.0, mysql. Click apply and OK, then tick them in HijackThis and click fix. Unneeded services from the old antivirus.

I'd advise a different antivirus, this one lets a lot through; try avast or Kaspersky, you'll find them at http://www.instalki.pl in the antivirus section.

http://www.instalki.pl/programy/downloa ... eaner.html download this and set your ports to green, that's for the future; only netbios may be yellow.

Regards

Post by toxek1 » 10 Sep 2006, 13:22

HKLocalMachine>>>system>>CurrentControlSet>>Services>>NTAuth - I don't have this in the registry. I deleted the rest.

ntsvc.ocx - that wasn't there either, not even in hidden folders.

In msconfig I didn't untick mysql because it'll come in handy for the server (when I set one up) ;-]

Logfile of HijackThis v1.99.1
Scan saved at 13:19:26, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)


And when I fix the O23... avira entry, it shows up again !! ;-[

Post by pp3088 » 10 Sep 2006, 13:54

OK, a few questions: do the scans still report those viruses?? If so, give the locations, e.g.
Code:
 C:/Windows/system32/syf32.exe
Of Avira one service remains, that's not so bad :) Once we've done that I'll give cosmetic tips, because removing the bugs is the priority.

One more thing, removing the remains of one old service
open the Registry (regedit) - find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - delete the subkey in the left panel (green)
then find the second key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
Remote Packet Capture Protocol v.0 (experimental) (rpcapd)
- delete the green entry in the right panel

Post by toxek1 » 10 Sep 2006, 15:03

I installed avast and it detected a trojan !! ;-)

C:/Windows/system32/syf32.exe - what am I supposed to do with this ??, and anyway it isn't there ??

And what you told me to delete from the registry isn't there !!

Post by pp3088 » 10 Sep 2006, 15:19

That was an example of a location; I wanted you to give me the location (file) in which the virus was detected. Did avast remove it, are the pests still bothering you? Has gain.gator disappeared?

As for the second thing, it's very good that it isn't there :)

Post by toxek1 » 10 Sep 2006, 15:29

Win32:Pcacme [Trj] now I've got another one !! and it removed it

Thanks for recommending avast !! ;-]

Post by toxek1 » 10 Sep 2006, 16:11

But that paid antivirus still shows me:

Obiekt "gain.gator Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Obiekt "gain.gator Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Obiekt "gain.gator Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Obiekt "conducent flexpak Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Obiekt "dyfuca Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Obiekt "dyfuca Spyware/Adware" został znaleziony w systemie plików! Podjęta akcja: Nie podjęto działania.
Wpis "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\aupdate.dll" odnosi się do nieprawidłowego obiektu "". Podjęta akcja: Nie podjęto działania.

;-[


I'll post the log once more:


Logfile of HijackThis v1.99.1
Scan saved at 16:09:57, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Post by pp3088 » 10 Sep 2006, 16:15

Hold on, give me the name of that paid antivirus :o

Post by toxek1 » 10 Sep 2006, 16:25

MWAV 8.5.2 PL

http://www.instalki.pl/programy/download/Windows/antywirusy/eScan_Anti-Virus_(AV)_for_Windows.html


"(...) thanks to which it received the title "Excellent Anti-Virus and Spyware Toolkit Utility". (...)"

Post by pp3088 » 10 Sep 2006, 16:37

What program is that, first I've heard of it :shock: The chance that avast doesn't see it, nor silent, nor HijackThis, but a little-known antivirus does, is almost nil. I'll analyse the logs again, maybe I missed something : (