Adware.Admili and Adware.Wincomm.J25.A2

01.03.06, 12:07
Hello,
I was just checking whether I have any viruses on my computer, and it turned out that there are two and
they cannot be removed: Adware.Admili and Adware.Wincomm.J25.A2. Could someone
help me??

Logfile of HijackThis v1.99.1
Scan saved at 12:06:54, on 2006-03-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\AdStatus Service\AdStatServ.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\AdStatus Service\AdStatKeep.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\fro.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\Program Files\Real\RealOne Player\RealPlay.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Ania & Julka\Moje dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-
E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75
\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06
\bin\jusched.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "D:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-
Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AdStatus Service] D:\Program Files\AdStatus
Service\AdStatServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Mercora] "D:\Program Files\Mercora\MercoraClient.exe" -
startup
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\fro.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - D:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.mks.com.pl
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) -
www.rovion.com/Controls/Rovion.cab?affiliate=BRANDY
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -
sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -
dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) -
www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2837FE81-B9D3-4895-8F59-
21E3E4553A38}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2837FE81-B9D3-4895-8F59-
21E3E4553A38}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner -
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal
Pro\avpcc.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner -
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal
Pro\avpm.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
D:\WINDOWS\System32\nvsvc32.exe

    • kolobos Re: Adware.Admili and Adware.Wincomm.J25.A2 01.03.06, 12:31
      > Adware.Admili and Adware.Wincomm.J25.A2

      In which files, and where are they located?

      In Task Manager, end:
      D:\Program Files\AdStatus Service\AdStatServ.exe
      D:\Program Files\AdStatus Service\AdStatKeep.exe <- delete the AdStatus Ser.. folder.
      C:\fro.exe

      In HijackThis:
      R3 - Default URLSearchHook is missing
      O4 - HKLM\..\Run: [AdStatus Service] D:\Program Files\AdStatus
      Service\AdStatServ.exe
      O4 - HKCU\..\Run: [Free Ram Optimizer] C:\fro.exe
      O4 - Global Startup: Exif Launcher.lnk = ?
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
      O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) -
      www.rovion.com/Controls/Rovion.cab?affiliate=BRANDY
      O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -
      dm.screensavers.com/dm/installers/si/1/sinstaller.cab

      In addition, scan with:
      linorg.ciagri.usp.br/ftp/pub/windows/anti-spyware/ssfsetup1_0.exe
      download.ewido.net/ewido-setup.exe
      Before scanning, update the definitions; after scanning, uninstall both
      programs.
      • Guest: Anulka Re: Adware.Admili and Adware.Wincomm.J25.A2 IP: *.neoplus.adsl.tpnet.pl 01.03.06, 13:50
        I can't end these in Task Manager:
        D:\Program Files\AdStatus Service\AdStatServ.exe
        D:\Program Files\AdStatus Service\AdStatKeep.exe <- delete the AdStatus Ser.. folder.
        C:\fro.exe
        because they open again as soon as I end them >:(
        • kolobos Re: Adware.Admili and Adware.Wincomm.J25.A2 01.03.06, 13:53
          You have to try harder, e.g. try in safe mode or use killbox with
          the delete on reboot option.
          • Guest: Anulka Re: Adware.Admili and Adware.Wincomm.J25.A2 IP: *.neoplus.adsl.tpnet.pl 01.03.06, 14:08
            And how do you do that?? Safe mode and killbox with
            the delete on reboot option? Sorry, but I guess I don't know anything about this at all
      • Guest: Anulka Re: Adware.Admili and Adware.Wincomm.J25.A2 IP: *.neoplus.adsl.tpnet.pl 01.03.06, 13:54
        And these viruses are in
        D:/ Program Files/AdstatuService/AdstatKeep.exe
        D:/ Program Files/AdstatuService/AdStatServ.exe
      • Guest: Analka Re: Adware.Admili and Adware.Wincomm.J25.A2 IP: *.neoplus.adsl.tpnet.pl 01.03.06, 14:11
        OK, I don't know how, but I finally removed it; now I'm going to scan
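
Added example, not part of the original thread: a Python sketch that rejoins the hard-wrapped HijackThis entries seen in the log above, extracts the O4 Run autoruns, and marks which targets are currently running or sit directly in a drive root. The sample lines are copied from the log on this page; the unwrap rule, the function names and the two flags are assumptions of this example, not HijackThis features.

```python
import re
# Constructed sample: lines copied from the log on this page, hard wraps kept.
SAMPLE_LOG = r"""Running processes:
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AdStatus Service\AdStatServ.exe
C:\fro.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdStatus Service] D:\Program Files\AdStatus
Service\AdStatServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\fro.exe
"""

CODE = re.compile(r"^[A-Z]\d{1,2} - ")          # section codes: R0, O4, O16, ...
RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

def split_log(text):
    # Returns (running_processes, entries) with wrapped entries rejoined.
    procs, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if CODE.match(line):
            entries.append(line)
        elif entries and line:
            # Continuation of a wrapped entry. The wrap lost the whitespace;
            # assumption: a fragment starting with "\" continued a path.
            entries[-1] += ("" if line.startswith("\\") else " ") + line
        elif re.match(r"[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def exe_of(command):
    # Quoted commands end at the closing quote; otherwise cut after the first ".exe".
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else command

def triage(text):
    """One row per O4 Run autorun: is its target running, is it in a drive root?"""
    procs, entries = split_log(text)
    running = {p.lower() for p in procs}
    rows = []
    for m in filter(None, map(RUN.match, entries)):
        hive, name, exe = m.group(1), m.group(2), exe_of(m.group(3))
        rows.append({"hive": hive, "name": name, "exe": exe,
                     "running": exe.lower() in running,
                     "drive_root": bool(re.fullmatch(r"[A-Za-z]:\\[^\\]+", exe))})
    return rows

if __name__ == "__main__": print(*triage(SAMPLE_LOG), sep="\n")
```

The flags are triage hints, not verdicts: `ctfmon.exe` is also both autostarted and running, so each row still needs the kind of manual review given in the reply above.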