G DATA cannot remove viruses

I'm doing a general clean-up and I can't remove the viruses and trojans

Log:

Logfile of HijackThis v1.99.1

Scan saved at 12:11:45, on 2007-09-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe

C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\EFTP\EFTP3ServerService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe

C:\Windows\System32\drivers\setup\manager.exe

C:\WINDOWS\system32\hldrrr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Windows\System32\drivers\setup\manager.exe

C:\WINDOWS\system32\hldrrr.exe

C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe

C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Toshiba\Moje dokumenty\loga\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe

O1 - Hosts: 71.234.215.37 bankofamerica.com

O1 - Hosts: 71.234.215.37 www.bankofamerica.com

O1 - Hosts: 71.234.215.37 sitekey.bankofamerica.com

O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"

O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"

O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe"

O4 - HKLM\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"

O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [pdfFactory Pro Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM\..\Run: [EFTP3Server] C:\Program Files\EFTP\EFTP3Server.exe

O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe"

O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: NewShortcut2.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra button: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra button: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EFTP3 Server (EFTP3Server) - Lester Clayton Limited - C:\Program Files\EFTP\EFTP3ServerService.exe

O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

Did you put this into HOSTS yourself?

If not, fix it in HijackThis.

Fix the above entries in HijackThis:

>>HijackThis>>Scan (Do a system scan only)>>check them >> Fix checked.

The red ones are the main source of your problems.

“hldrrr.exe” is the “Bagle-hidires” rootkit with the “m__hook”, “rosa” or “srosa” service.

ComboFix will remove it (link at the bottom of this page) -

Paste the ComboFix log on http://wklej.org/ and put only the link in your post.

I don't know the ones above, do you?

Because this rootkit damages Safe Mode:

jessi
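The two findings in the post above (a hosts-file redirect of a banking domain to a non-loopback address, and the same autorun entry registered in both HKLM and HKCU, pointing at a file in the user's application-data folder or under a drivers directory) can be triaged mechanically from a HijackThis log. The script below is an added example written for this page, not a tool from the thread or from HijackThis. The sample lines are constructed from the O1/O4 entries in the log posted above; the path heuristics (application-data and temp folders, .exe files under a drivers folder) are the example's own assumptions about what warrants a closer look, not rules from the thread.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the O1/O4 lines of the HijackThis log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 71.234.215.37 bankofamerica.com
O1 - Hosts: 71.234.215.37 www.bankofamerica.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
RUN_RE = re.compile(
    r"^O4 - (HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\\.\.\\Run:\s+\[([^\]]+)\]\s+(.*)$"
)
HIVE_ALIAS = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Assumed heuristic: folders from which a legitimate autorun rarely launches.
USER_DATA_MARKERS = ("\\dane aplikacji\\", "\\application data\\", "\\appdata\\", "\\temp\\")


def hosts_is_redirect(ip_text: str) -> bool:
    """A hosts entry that maps a name to anything but loopback/unspecified is a redirect."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparsable address: treat as worth review
    return not (ip.is_loopback or ip.is_unspecified)


def _command_path(command: str) -> str:
    """Extract the executable path from a Run value (quoted, or unquoted up to the first .exe)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def suspicious_location(path: str) -> Optional[str]:
    p = path.lower()
    if any(marker in p for marker in USER_DATA_MARKERS):
        return "executable launched from a user data/temp folder"
    if "\\drivers\\" in p and p.endswith(".exe"):
        return "executable under a drivers folder (expected .sys files only)"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings for hosts redirects, odd autorun locations and HKLM+HKCU duplicates."""
    findings: List[Dict[str, str]] = []
    runs = []  # (hive, name, path)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if hosts_is_redirect(ip):
                findings.append({"kind": "hosts_redirect", "detail": f"{host} -> {ip}"})
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            hive = HIVE_ALIAS.get(hive, hive)
            path = _command_path(command)
            reason = suspicious_location(path)
            if reason:
                findings.append({"kind": "suspicious_autorun",
                                 "detail": f"{hive} [{name}] {path}: {reason}"})
            runs.append((hive, name, path))
    # The same name+target registered in both hives: a persistence pattern, not normal software.
    seen: Dict[tuple, set] = {}
    for hive, name, path in runs:
        seen.setdefault((name.lower(), path.lower()), set()).add(hive)
    for (name, path), hives in seen.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append({"kind": "dual_hive_autorun",
                             "detail": f"[{name}] {path} registered in HKLM and HKCU"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['kind']:20} {finding['detail']}")
```

On the constructed sample the script reports both bank redirects, three autoruns in unusual locations (the two `manager` entries and the one in the application-data folder) and two entries duplicated across hives (`manager` and `hldrrr`); note that `hldrrr.exe` sits in system32 and is caught only by the duplicate-hive check, which is why the cross-hive comparison is worth keeping alongside the path heuristics.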

maybe a silly question, but how will I know that Safe Boot Key Repair hasn't fixed my Safe Mode?

You simply try to boot into Safe Mode.

After all the removal you will probably also have to reinstall your antivirus, because the rootkit has most likely damaged it too - the antivirus will appear to work, but…

jessi

here's the log:

http://wklej.org/id/e8a0df3162

I wrote clearly that you should use ComboFix, not Deckard's SS, because ComboFix would remove this rootkit, while Deckard's SS removes nothing.

So start from the beginning.

Additionally, also do this:

If you don't have a removal tool (but you probably still have Unlocker?), download OTMoveIt

Into the field Paste List of Files/Folders to be Moved paste the following paths:

Then press the MoveIt! button

A message will appear saying that a restart is needed to remove the listed files/folders - press Yes.

After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty Recycle Bin).

Then do what I wrote in my first post.

jessi

please don't get upset… I tried, but it complained that it can't access the file because another application is using it… something like that

I'll try again!!

on top of that my internet has started to crawl

The internet is crawling because it's Sunday afternoon. :)

If nothing comes of ComboFix, at least do the part with Unlocker or OTMoveIt.

jessi

unfortunately OTMoveIt doesn't find the files and after pressing Move it doesn't restart the computer…

and Unlocker won't start :(

Then try this:

Download The Avenger,

unpack > run > Input script manually > click the magnifying glass > in the newly opened window paste:

After pasting > Done > click the green light > OK and there will be a restart.

After the restart, go to where you have The Avenger and paste the avenger.txt report + a new ComboFix log.

thanks a lot,… the only problem is that ComboFix doesn't work the way it should, a message appears:

proces nie moze uzyskac dostepu do pliku, ponieważ jest on używany przez inny proces

proces nie moze uzyskac dostepu do pliku, ponieważ jest on używany przez inny proces

ComboFix has changed your clock settings. Do not change it back. it schould be restored later.

Are you following the instructions from the page I gave you?

If it doesn't work, post a log from Deckard's System Scanner (DSS)

I'm afraid the rootkit is blocking all of this.

First try to remove the rootkit's main file, and only then take the steps recommended in the previous post by @qrczak.

>>Start >>> Run >>> choose (or type) cmd >> apply these commands (press “ENTER” after each):

jessi

unfortunately, because of the slow net, I didn't manage to read Jessica's post and ran The Avenger. here's the log:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\bwikcemi


*******************


Script file located at: \??\C:\WINDOWS\ksybtyaa.txt

Script file opened successfully.


Script file read successfully


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:




File C:\WINDOWS\system32\hldrrr.exe not found!

Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!


Could not process line:

C:\WINDOWS\system32\hldrrr.exe

Status: 0xc0000034




File C:\WINDOWS\system32\trusted.exe not found!

Deletion of file C:\WINDOWS\system32\trusted.exe failed!


Could not process line:

C:\WINDOWS\system32\trusted.exe

Status: 0xc0000034




Folder C:\WINDOWS\exefnd not found!

Deletion of folder C:\WINDOWS\exefnd failed!


Could not process line:

C:\WINDOWS\exefnd

Status: 0xc0000034



Completed script processing.


*******************


Finished! Terminate.

Post merged: 02.09.2007 (Sun) 21:33

unfortunately every time I enter DEL C:\WINDOWS… it says the file cannot be found…

blonde's observation: maybe they're simply gone… after running HijackThis…

HijackThis never removes files! You can remove other things with it, but files can't be removed.

Try posting a log from Deckard's SS, we'll see whether those files are really gone, because error “034” suggests that.

jessi

DSS log:

Deckard's System Scanner v20070826.66

Run by Toshiba on 2007-09-02 21:57:10

Computer is in Normal Mode.

--------------------------------------------------------------------------------


[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]

[color=red]Total Physical Memory: 447 MiB (512 MiB recommended).[/color]

[color=red]System Drive C: has 8.49 GiB (less than 15%) free.[/color]



-- HijackThis (run as Toshiba.exe) ---------------------------------------------


Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-09-02 21:57:16

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16512)


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe

C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\EFTP\EFTP3ServerService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\RTHDCPL.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\agrsmmsg.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

C:\WINDOWS\system32\drivers\setup\manager.exe

C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\drivers\setup\manager.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Toshiba\Dane aplikacji\Gamers Tower\Multi User Desktop 2004\Default\Web\deckardsystemscanner.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe

O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll

O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP

O4 - HKEY_LOCAL_MACHINE\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [Zooming] ZoomingHook.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [TPSMain] TPSMain.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL

O4 - HKEY_LOCAL_MACHINE\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKEY_LOCAL_MACHINE\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKEY_LOCAL_MACHINE\..\Run: [pdfFactory Pro Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKEY_LOCAL_MACHINE\..\Run: [EFTP3Server] C:\Program Files\EFTP\EFTP3Server.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup

O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKEY_LOCAL_MACHINE\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKEY_LOCAL_MACHINE\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe"

O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

O4 - Global Startup: NewShortcut2.lnk = C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EFTP3 Server (EFTP3Server) - Lester Clayton Limited - C:\Program Files\EFTP\EFTP3ServerService.exe /startedbyscm:3FDC8373-40E29588-EFTP3Server

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"

O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe




-- Files created between 2007-08-02 and 2007-09-02 -----------------------------


2007-09-02 14:50:40 0 d-------- C:\Program Files\Opera

2007-09-01 17:58:39 20096 --a------ C:\WINDOWS\system32\drivers\GDNdisIc.sys 

2007-09-01 17:57:19 0 d-------- C:\WINDOWS\gear_dlls

2007-09-01 17:56:24 0 d-------- C:\Program Files\Common Files\G DATA

2007-09-01 17:56:23 0 d-------- C:\Program Files\G DATA InternetSecurity Trial

2007-09-01 14:26:29 0 d-------- C:\Program Files\FlashGet

2007-08-28 21:18:59 588 --a------ C:\starter

2007-08-28 21:06:30 570 --a------ C:\indie podr z zar

2007-08-28 20:51:58 0 d-------- C:\Program Files\WinAVI Video Converter

2007-08-28 00:24:31 156421 --a------ C:\watch

2007-08-27 23:18:43 28672 --a------ C:\WINDOWS\system32\AVEQ.dll

2007-08-27 23:18:41 0 d-------- C:\Program Files\Allok MPEG4 Converter

2007-08-27 21:05:16 0 d-------- C:\Program Files\Allok Video to 3GP Converter

2007-08-27 11:13:52 0 d-------- C:\Program Files\eSkiMoS R2

2007-08-27 11:12:36 0 d-------- C:\Program Files\eSeMeS 3.0

2007-08-27 11:07:05 0 d-------- C:\Program Files\Dragonmount Networks

2007-08-26 23:58:48 0 d-------- C:\Program Files\PopCap Games

2007-08-23 21:27:04 16 --a------ C:\WINDOWS\popcinfo.dat

2007-08-23 02:43:22 0 d-------- C:\Program Files\IncrediMail

2007-08-14 08:43:37 2368 --a------ C:\WINDOWS\system32\SVKP.sys 

2007-08-13 17:02:53 0 d-------- C:\Program Files\40tude Dialog

2007-08-07 15:18:59 0 d-------- C:\Program Files\MegauploadToolbar

2007-08-05 16:00:39 0 d-------- C:\Program Files\SUPERAntiSpyware

2007-08-05 15:57:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-08-04 21:01:36 0 d-------- C:\Program Files\Trend Micro

2007-08-03 21:32:36 164 --a------ C:\install.dat

2007-08-02 12:49:53 0 d-------- C:\Program Files\WinXMedia

2007-08-02 12:47:55 0 d-------- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter



-- Find3M Report ---------------------------------------------------------------


2007-09-02 21:40:39 0 d-------- C:\Program Files\Symantec AntiVirus

2007-09-02 21:07:26 0 d-------- C:\Program Files\EFTP

2007-09-02 20:36:32 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\MegauploadToolbar

2007-09-02 14:51:55 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Opera

2007-09-02 11:58:58 0 d--h----- C:\Documents and Settings\Toshiba\Dane aplikacji\m

2007-09-02 10:50:27 0 d-------- C:\Program Files\eMule

2007-09-01 17:56:24 0 d-------- C:\Program Files\Common Files

2007-09-01 17:56:08 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-09-01 17:55:45 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\InstallShield

2007-09-01 17:30:34 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Azureus

2007-08-29 10:10:38 16686 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-08-27 12:10:39 0 d-------- C:\Program Files\Dictionnaire

2007-08-27 12:10:37 0 d-------- C:\Program Files\DivX

2007-08-27 11:16:57 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\eSkiMoS R2

2007-08-25 22:02:56 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\LimeWire

2007-08-24 18:24:54 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Tlen.pl

2007-08-24 15:00:02 0 d-------- C:\Program Files\Norton Security Scan

2007-08-23 02:35:24 0 d-------- C:\Program Files\Kalendarz XP

2007-08-22 08:48:50 0 d-------- C:\Program Files\Lx_cats

2007-08-13 15:26:59 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Mozilla

2007-08-13 15:26:51 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Thunderbird

2007-08-10 18:38:01 0 d-------- C:\Program Files\QuickTime

2007-08-08 16:17:37 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Grisoft

2007-08-05 16:00:38 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\SUPERAntiSpyware.com

2007-08-03 22:38:11 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\GetRightToGo

2007-08-01 22:37:11 0 d-------- C:\Program Files\HyperSnap 6

2007-08-01 13:02:29 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\WinRAR

2007-08-01 12:44:30 0 d-------- C:\Program Files\YouTube Video Downloader

2007-07-30 20:00:58 0 d-------- C:\Program Files\directx

2007-07-25 06:53:33 447958 --a------ C:\Documents and Settings\Toshiba\Dane aplikacji\NMM-MetaData.db

2007-07-23 19:42:35 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\PC Suite

2007-07-23 00:05:50 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Nokia Multimedia Player

2007-07-22 22:10:35 0 d-------- C:\Program Files\TOSHIBA

2007-07-22 21:57:55 0 d-------- C:\Program Files\Google

2007-07-21 15:15:41 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Skype

2007-07-13 21:17:43 56 -r-hs---- C:\WINDOWS\system32\D587EE2188.sys

2007-07-13 12:18:50 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Ahead

2007-07-13 09:59:20 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Nokia

2007-07-12 18:59:23 0 d-------- C:\Program Files\IVT Corporation

2007-07-11 23:12:03 0 d-------- C:\Program Files\Common Files\Nokia

2007-07-11 23:12:01 0 d-------- C:\Program Files\Common Files\PCSuite

2007-07-11 23:11:57 0 d-------- C:\Program Files\Nokia

2007-07-11 23:11:44 0 d-------- C:\Program Files\DIFX

2007-07-11 23:11:21 0 d-------- C:\Program Files\PC Connectivity Solution

2007-07-08 16:48:18 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\COWON



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-17 15:37]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 15:34]

"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 13:27]

"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]

"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 14:57]

"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" []

"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11]

"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 11:49]

"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 13:30]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-05-17 18:40]

"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-05-17 18:48]

"TPSMain"="TPSMain.exe" [2005-09-13 10:01 C:\WINDOWS\system32\TPSMain.exe]

"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 06:34 C:\WINDOWS\RTHDCPL.exe]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]

"NDSTray.exe"="NDSTray.exe" []

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 08:22 C:\WINDOWS\agrsmmsg.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-24 11:13]

"pdfFactory Pro Dyspozytor v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-07 10:59]

"EFTP3Server"="C:\Program Files\EFTP\EFTP3Server.exe" [2006-01-10 23:00]

"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-07-06 04:15]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-08-02 08:36]

"AVKTray"="C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe" [2007-04-24 10:02]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 12:04]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-11 12:59]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01]

"TransparentTaskBar"="" []

"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-07-06 04:15]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-23 17:22]

"hldrrr"="C:\WINDOWS\system32\hldrrr.exe" []

"mule_st_key"="C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe" [2007-09-02 20:07]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog


C:\Documents and Settings\Toshiba\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 18:22:30]

Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]

Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-08-04 21:01:39]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 18:22:30]

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 14:48:42]

NewShortcut2.lnk - C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe [2007-09-01 17:58:30]

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-04-29 12:39:27]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"NoDispCPL"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

"NoDispSettingsPage"=0 (0x0)

"NoDispScrSavPage"=0 (0x0)

"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"=0 (0x0)

"NoPropertiesMyComputer"=0 (0x0)

"NoFileAssociate"=0 (0x0)

"NoRun"=0 (0x0)

"NoSMHelp"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"=1 (0x1)

"NoRecentDocsHistory"=0 (0x0)

"ClearRecentDocsOnExit"=0 (0x0)

"NoTrayItemsDisplay"=0 (0x0)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Google Updater.lnk]

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Toshiba^Menu Start^Programy^Autostart^OpenOffice.org 2.0.3.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.0.3.lnkStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]

C:\Program Files\Press-Service\CafeNews\CN.exe /autostart


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]

CFSServ.exe -NoClient


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EFTP3Server]

C:\Program Files\EFTP\EFTP3Server.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]

"C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

"C:\Program Files\Unlocker\UnlockerAssistant.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26ceab12-9f0d-11db-b999-0016e3852cf0}]

Open(&0)\command- Recycled\ctfmon.exe





-- End of Deckard's System Scanner: finished at 2007-09-02 21:59:27 ------------

The log shows that this file is not there, so fix this entry in HijackThis:

>>Hijack>>scan(Do a system scan only)>>check them >> Fix checked.

Also fix these in HijackThis:

>>Hijack>>scan(Do a system scan only)>>check them >> Fix checked.

Then:

>>Start >>> Run >>> select (or type) cmd >> apply these commands (press "ENTER" after each):

Check them at http://virusscan.jotti.org/

Instructions on how to use JOTTI --> http://otfans.pl/forums/showthread.php?tid=552

or at http://www.virustotal.com/en/indexf.html

(it is used in the same way as JOTTI).

Infection from a USB flash drive - do this:

EDIT:

I forgot about the hidden services of this rootkit.

We don't even know which services were present in this case.

We will try, one by one, the ones I know (if there is a new one, we won't remove it):

>>Start >>> Run >>> select (or type) cmd >> apply these commands (press "ENTER" after each):

jessi
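The advice above rests on reading the Deckard's System Scanner registry dump: an autorun entry whose timestamp bracket is empty (`[]`) is one the scanner could not find on disk, and entries that launch from the user's application-data folder, from `system32\drivers`, or from a removable drive's `mountpoints2` key are the ones worth sending to Jotti or VirusTotal first. The script below is an added example, not part of this thread or of either tool; it parses dump lines in the format shown above and flags such entries. The sample lines are copied from the log in this thread, and the "unusual directory" heuristic and the reading of an empty `[]` bracket as "file not found" are assumptions chosen for this example.

```python
import re

# Sample lines copied from the Deckard's System Scanner registry dump above
# (HKLM/HKCU Run keys plus the mountpoints2 autorun entry); constructed input.
SAMPLE_DUMP = r'''
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-05-17 18:40]
"NDSTray.exe"="NDSTray.exe" []
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-07-06 04:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"hldrrr"="C:\WINDOWS\system32\hldrrr.exe" []
"mule_st_key"="C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe" [2007-09-02 20:07]
Open(&0)\command- Recycled\ctfmon.exe
'''

# "name"="target" [timestamp ...]  -- Run-key line as printed by the scanner
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]\s*$')
# Open(&0)\command- <target>        -- mountpoints2 (removable drive) autorun line
MOUNTPOINT_LINE = re.compile(r'^Open\(&\d\)\\command-\s*(?P<path>.+)$')

# Heuristic (assumption for this example): a Run-key target under the user's
# application-data folder or under system32\drivers is unusual for legitimate
# software.  Polish XP names the folder "Dane aplikacji".
SUSPICIOUS_DIRS = ('\\dane aplikacji\\', '\\application data\\', '\\system32\\drivers\\')


def analyze_run_entries(dump_text):
    """Return (entry_name, reason) pairs for autorun lines worth a closer look."""
    findings = []
    for raw in dump_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            name, path = m.group('name'), m.group('path')
            stamp = m.group('stamp').strip()
            lowered = path.lower()
            # Empty [] with a full path: the scanner did not find the file
            # (assumed meaning of the empty bracket).  Bare file names such
            # as "NDSTray.exe" are resolved via PATH and are not flagged here.
            if not stamp and '\\' in path:
                findings.append((name, 'target file not found by the scanner (empty timestamp)'))
            elif any(d in lowered for d in SUSPICIOUS_DIRS):
                findings.append((name, 'autorun from an unusual directory: ' + path))
            continue
        m = MOUNTPOINT_LINE.match(line)
        if m:
            # A relative target on a removable drive is the classic pendrive
            # autorun pattern; the thread's log points at Recycled\ctfmon.exe.
            findings.append(('mountpoints2', 'removable-drive autorun: ' + m.group('path')))
    return findings


if __name__ == '__main__':
    for name, reason in analyze_run_entries(SAMPLE_DUMP):
        print(f'{name}: {reason}')
```

Run the script as-is to see the flagged entries from the sample; to use it on a full scanner log, pass the text of the "Registry Dump" section to `analyze_run_entries`. The flagged files are the ones to upload to the online scanners named above before deciding what to fix or delete.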

Oh my, that sounds scary :) but I'm getting down to reading and applying it, thanks :) we'll see what the result will be...

Merged post: 02.09.2007 (Sun) 23:52

The files are supposedly OK, but: http://img301.imageshack.us/my.php?image=malwareeu2.png link to the results for manager.exe

and http://img230.imageshack.us/my.php?imag … re3kb3.jpg for D587EE2188.sys

After everything - Download the SDFix program

it did not find a path for this :(

Which other files was I supposed to delete? I also typed in

C:\WINDOWS\exefnd

C:\WINDOWS\system32\trusted.exe

but it did not find them.