Proszę o sprawdzenie loga

[Gość: Ann]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\FCBC.tmp
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xjieu.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iepifsu.exe
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} -
C:\WINDOWS\system32\winbrume.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program
Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [c95a378.exe] C:\WINDOWS\System32\c95a378.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwipok.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [5f45dd1d.exe] C:\WINDOWS\System32\5f45dd1d.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [c95a378.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\c95a378.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [5f45dd1d.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\5f45dd1d.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00009.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -
C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -
C:\WINDOWS\System32\dmonwv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
C:\WINDOWS\System32\nkdjjnbp.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
C:\WINDOWS\System32\dxvwipok.exe
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

[Gość: D.]

Usuń w trybie awaryjnym następujące wpisy:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.
html
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} -
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll-ten plik usuń również ręcznie z dysku

Zatrzymaj procesy:
O4 - HKLM\..\Run: [c95a378.exe] C:\WINDOWS\System32\c95a378.exe-plik usuń również ręcznie z dysku.
O4 - HKLM\..\Run: [5f45dd1d.exe] C:\WINDOWS\System32\5f45dd1d.exe-plik usuń ręcznie z dysku
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe-plik usuń ręcznie z dysku
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Przeskanuj Ewido po update.

[Gość: k]

Doklej naglowek log'a!

W menadzerze zadan zakoncz:
C:\WINDOWS\TEMP\FCBC.tmp
Usun wszystko z katalogu Temp.

W hjt usun:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html <- plik usun z dysku.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xjieu.exe <- plik
xjieu.exe usun z dysku.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iepifsu.exe <-
plik iepifsu.exe usun z dysku.
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} -
C:\WINDOWS\system32\winbrume.dll (file missing)
Usun te wszystkie pliki exe z dysku:
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [c95a378.exe] C:\WINDOWS\System32\c95a378.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwipok.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [5f45dd1d.exe] C:\WINDOWS\System32\5f45dd1d.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [c95a378.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\c95a378.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [5f45dd1d.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\5f45dd1d.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00009.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -
C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -
C:\WINDOWS\System32\dmonwv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll <- plik usun z dysku.
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll <- plik usun z
dysku.
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll <- plik usun z
dysku.
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
C:\WINDOWS\System32\nkdjjnbp.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
C:\WINDOWS\System32\dxvwipok.exe <- plik usun z dysku.
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)

Usluga do kasacji:
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe (file missing)


W razie problemow z usuwaniem plikow uzyj killbox'a (opis w faq jak i wszystko
inne).
Zakladam, ze masz piracki windows bez aktualizacji, a wiec zamknij porty w
wwdc, zainstaluj antywirus Avast, przeskanuj system przy pomocy ewido, a do
tego zmien przegladarke na Opere lub Firefox.

Po wszystkim wklej nowy log.

[Gość: Ann]

Nadal mam kłopoty z kompem,działa wyłącznie w trybie awaryjnym.Wklejam log:

Logfile of HijackThis v1.99.1
Scan saved at 12:12:17, on 2006-06-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2
\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [c95a378.exe] C:\WINDOWS\System32\c95a378.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwfedn.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [5f45dd1d.exe] C:\WINDOWS\System32\5f45dd1d.exe
O4 - HKLM\..\Run: [gqvrul] C:\WINDOWS\System32\haraun.exe reg_run
O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [c95a378.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\c95a378.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [5f45dd1d.exe] C:\Documents and Settings\Admin\Ustawienia
lokalne\Dane aplikacji\5f45dd1d.exe
O4 - HKCU\..\Run: [dncsv] C:\WINDOWS\System32\haraun.exe reg_run
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00014.exe"
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
C:\WINDOWS\System32\dxvwwnhq.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

[Gość: k]

Nic dziwnego skoro nie zrobilas tego co napisalem!

Usun w hjt ten wpis:
> F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe

Te wpisy rowniez usuwasz w hjt + usuwasz te wszystkie wymienione pliki z dysku:
> O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
> O4 - HKLM\..\Run: [c95a378.exe] C:\WINDOWS\System32\c95a378.exe
> O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
> O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
> O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwfedn.exe
> O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
> O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
> O4 - HKLM\..\Run: [5f45dd1d.exe] C:\WINDOWS\System32\5f45dd1d.exe
> O4 - HKLM\..\Run: [gqvrul] C:\WINDOWS\System32\haraun.exe reg_run
> O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
> O4 - HKLM\..\Run: [defender] C:\\defender26.exe
> O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
> O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
> O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
> O4 - HKCU\..\Run: [c95a378.exe] C:\Documents and Settings\Admin\Ustawienia
> lokalne\Dane aplikacji\c95a378.exe
> O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
> O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3072.exe
> O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
> O4 - HKCU\..\Run: [5f45dd1d.exe] C:\Documents and Settings\Admin\Ustawienia
> lokalne\Dane aplikacji\5f45dd1d.exe
> O4 - HKCU\..\Run: [dncsv] C:\WINDOWS\System32\haraun.exe reg_run
> O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
> Folders\ibm00014.exe"
> O15 - Trusted Zone: *.elitemediagroup.net
> O15 - Trusted Zone: *.media-motor.net
> O15 - Trusted Zone: *.mmohsix.com
> O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
> Users\Dokumenty\Settings\artm_new.dll
> O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
> O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
> C:\WINDOWS\System32\dxvwwnhq.exe

Instalujesz EWIDO i skanujesz system.

Usluga do kascji:
> O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
> Files\MKS\Bin\mksmonsv.exe (file missing)
Opis jak usunac:
forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38796981
Nie wklejaj nowego log'a jezeli tego nie zrobisz.

[Gość: Ann]

Sorki że zaśmiecam forum;)Trochę poczyściłam,chociaż nie jestem w tym temacie
orłem,niby jest ok,komp normalnie już działa,internet też,tylko pulpit nadal
jest czarny :(

Logfile of HijackThis v1.99.1
Scan saved at 21:55:48, on 2006-06-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O20 - Winlogon Notify: winm32 - winm32.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
C:\WINDOWS\System32\dxvwzwkh.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

[Gość: k]

Nie dosc, ze zasmiecasz to jeszcze nie czytasz tego co Ci napisalem, usuwasz
wpisy ktorych nie masz usunac, a te do kasacji dalej masz i jaki to ma sens?

Przywroc w hijackthis te wpisy:
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2
\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

Usun te:
R3 - Default URLSearchHook is missing
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll <- plik usun z dysku przy pomocy
killbox'a opis jak uzyc masz w faq.
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O20 - Winlogon Notify: winm32 - winm32.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -
C:\WINDOWS\System32\dxvwzwkh.exe <- plik do kasacji.

Ile razy mam jeszcze napisac ze masz usunac ta usluge:
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe (file missing)
Podalem nawet link jak to zrobic.

MAM NADZIEJE, ZE TYM RAZEM PRZECZYTASZ WSZYSTKO CO NAPISALEM I W KONCU SIE
ZASTOSUJESZ.

[Gość: k]

Uzyj tez tego:
siri.urz.free.fr/Fix/SmitfraudFix_En.php