Gość: zdrw
IP: *.jgora.dialog.net.pl
15.10.06, 22:58
Komputer jest uzywany przez młodzika (12lat) i działa on- jak działa.
Staram sie ratować co zdąże, ale (jak widać) jestem mało skuteczny....
Co z tym zrobić mozna dla naprawy?
Logfile of HijackThis v1.99.1
Scan saved at 18:21:14, on 2006-10-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\mtcls32.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX01.297\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS
Master\FirstStart.exe
O4 - HKLM\..\Run: [Wins Network ks32] netwkrs32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINNT\system32
\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800
Series" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Kopia 2)] C:\WINNT\system32
\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Kopia
2)" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\RunServices: [Wins Network ks32] netwkrs32.exe
O4 - HKLM\..\RunServices: [Windows Help 32] winhelp_32.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS
Master\Monitor.exe
O4 - HKCU\..\Run: [Wins Network ks32] netwkrs32.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Wins Network ks32] netwkrs32.exe
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo
Experience\3D!Turbo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158165004546
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5379163-B37E-449E-84FC-
5ED16C51B43E}: NameServer = 217.30.129.149,217.30.137.200
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINNT\mtcls32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty
Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
==============================================================================
S T Virus name Path Date of detection Filename File size
Trojan horse Collected.5.L C:\msdirectx.sys 2006-09-11 19:13:12
msdirectx.sys 6.5 KB
Trojan horse Agent.DU C:\antivirus.exe 2006-09-13 17:47:16
antivirus.exe 8 KB
Trojan horse Collected.5.L C:\msdirectx.sys 2006-10-11 18:40:23
msdirectx.sys 6.5 KB
Trojan horse Generic2.CV C:\WINNT\system32\sv.exe 2006-09-13 18:13:06
sv.exe 187.26 KB
Trojan horse IRC/BackDoor.SdBot2.HXQ C:\WINNT\system32\winhelp_32.exe 2006-
09-13 18:13:11 winhelp_32.exe 1.13