IEXPLOLER.EXE Taskmgr

Sneek_Destroy · 19 Listopad 2007 15:27

Witam! Mam mały problem.

Po godzinie lub dwóch, nagle zaczynają napływać procesy IEXPLOLER.EXE, z dużych wszystko, jest ich przeważnie 10-15… :?

Czy to może być Wirus? Troche przymulają pc…

Włączone programy:

Gadu-Gadu, Mozilla, Avast, Spybot Search & Destroy.

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:24:39, on 2007-11-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\AlienGUIse\wbload.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\windows\services.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\services.exe C:\Free History Eraser\HistoryEraser.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://otservlist.org/k110087.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [services] C:\windows\services.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [Windows] C:\WINDOWS\services.exe O4 - HKCU…\Run: [ares] “C:\Ares\Ares.exe” -h O4 - HKCU…\Run: [sPSTEALT] “C:\Free History Eraser\HistoryEraser.exe” /stealt O4 - HKCU…\Run: [Expressivo] “C:\Program Files\ivo\Expressivo Demo\expressivo.exe” -t O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘Default user’) O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe O4 - Startup: Y’z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … jhtml?p=ZK O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O17 - HKLM\System\CCS\Services\Tcpip…{2A579FD1-FFC0-4B99-8AA5-91E0EA82FFBE}: NameServer = 194.204.159.1,194.204.152.34 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 6790 bytes

Gutek · 19 Listopad 2007 17:01

Najpierw automat:

Pobierz program SDFix

Sneek_Destroy · 19 Listopad 2007 18:52

Zrobiłem jak kazałeś

EDIT: NIE DZIAŁA MI COMBOFIX Z TEGO LINKU CO PODAŁEŚ. SPRAWDZAŁEM RÓWNIEŻ ŚCIĄGNĄĆ Z INNYCH SERWERÓW - TO SAMO. PISZE MI ABY UPDATOWAĆ : P

SDFix: Version 1.115 Run by User on 2007-11-19 at 19:38 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\DOCUME~1\User\USTAWI~1\Temp\GLF10.tmp.dll - Deleted C:\DOCUME~1\User\USTAWI~1\Temp\GLF66.tmp.dll - Deleted C:\WINDOWS\services.exe - Deleted C:\WINDOWS\system32\tmp1.tmp - Deleted C:\WINDOWS\system32\tmp2.tmp - Deleted C:\WINDOWS\system32\tmp27.tmp - Deleted C:\WINDOWS\system32\tmp2A.tmp - Deleted C:\WINDOWS\system32\tmp3.tmp - Deleted C:\WINDOWS\system32\tmp36.tmp - Deleted C:\WINDOWS\system32\tmp3A4.tmp - Deleted C:\WINDOWS\system32\tmp4.tmp - Deleted C:\WINDOWS\system32\tmp5.tmp - Deleted C:\WINDOWS\system32\tmpE.tmp - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-19 19:44:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:f5,9a,e0,dd,4d,45,d4,76,01,a6,d9,29,8a,d1,f2,66,43,9e,e6,2d,d5,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:236a9b9c “s2”=dword:1101a8bb “h0”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:b2,97,ce,72,34,8e,f9,f5,92,50,3e,c4,39,37,35,f9,79,6c,cb,4e,58,… “p0”=“C:\Program Files\DAEMON Tools” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,77,9b,e2,f8,2c,ab,b4,d8,cb,9a,64,70,e9,52,9c,07,69,… “khjeh”=hex:ef,b0,71,56,73,2c,b5,e7,c3,bb,c6,d2,ad,77,42,56,7b,e5,d4,8d,5f,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:3d,20,49,90,9a,c8,52,72,c9,0b,c6,cb,18,ae,2a,ba,2d,90,44,47,60,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] “khjeh”=hex:27,96,87,bf,de,e7,5d,b3,2f,90,01,f7,34,49,3c,5c,ea,9e,7a,2e,82,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:b2,97,ce,72,34,8e,f9,f5,92,50,3e,c4,39,37,35,f9,79,6c,cb,4e,58,… “p0”=“C:\Program Files\DAEMON Tools” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,77,9b,e2,f8,2c,ab,b4,d8,cb,9a,64,70,e9,52,9c,07,69,… “khjeh”=hex:ef,b0,71,56,73,2c,b5,e7,c3,bb,c6,d2,ad,77,42,56,7b,e5,d4,8d,5f,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:3d,20,49,90,9a,c8,52,72,c9,0b,c6,cb,18,ae,2a,ba,2d,90,44,47,60,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] “khjeh”=hex:27,96,87,bf,de,e7,5d,b3,2f,90,01,f7,34,49,3c,5c,ea,9e,7a,2e,82,… scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger” “C:\Program Files\FlashGet\flashget.exe”=“C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget” “C:\Program Files\Electronic Arts\Bitwa o —r˘dziemie II\game.dat”=“C:\Program Files\Electronic Arts\Bitwa o —r˘dziemie II\game.dat:*:Enabled:Bitwa o —r˘dziemiet II” “C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe”=“C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander” “C:\Program Files\EA GAMES\Battlefield 2\BF2.exe”=“C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2” “C:\Program Files\IncrediMail\bin\ImApp.exe”=“C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail” “C:\Program Files\IncrediMail\bin\IncMail.exe”=“C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail” “C:\Program Files\IncrediMail\bin\ImpCnt.exe”=“C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 13 Oct 2004 1,694,208 …SH. — “C:\Program Files\Messenger\msmsgs.exe” Tue 3 Aug 2004 705,024 A.SH. — “C:\Program Files\Outlook Express\MSIMN.EXE” Sun 22 Jul 2007 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Fri 26 Oct 2007 444 …HR — “C:\Documents and Settings\User\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak” Finished!

ComboFIX - za chwilkę, muszę wyjść z psem…

Gutek · 19 Listopad 2007 21:58

Daj log z ComboFix - ten działa

Sneek_Destroy · 20 Listopad 2007 13:35

Ha! Już wiem o co chodziło. Wystarczyło datę zmienić w zegarku

Oto log:

ComboFix 07-11-08.3 - User 2007-11-10 14:38:01.1 - NTFSx86 Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\User\Dane aplikacji\FunWebProducts C:\WINDOWS\system32\f3PSSavr.scr . ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))) . 2007-11-19 21:27 2007-11-19 21:14 2007-11-19 21:12 2007-11-19 21:04 2007-11-19 19:53 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-19 19:38 2007-11-18 22:14 2007-11-18 21:30 2007-11-18 21:23 2007-11-18 21:16 2007-11-18 21:16 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-11-18 13:13 2007-11-18 02:08 2007-11-16 19:36 2007-11-16 19:35 2007-11-16 19:35 2007-11-16 19:35 36,864 --a------ C:\WINDOWS\system32\wbsys.dll 2007-11-16 17:37 2007-11-16 12:39 2007-11-15 14:44 2007-11-15 14:44 2007-11-15 14:44 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-13 15:56 2007-11-09 06:48 770,048 --a------ C:\WINDOWS\OTMapEditor.exe 2007-11-09 06:48 249,461 --a------ C:\WINDOWS\Tibia.dat 2007-11-09 06:48 25,643 --a------ C:\WINDOWS\map.exe 2007-11-08 18:39 2007-11-06 16:22 2007-10-30 08:01 2007-10-29 07:12 2007-10-29 06:54 2007-10-28 18:15 2007-10-28 18:15 2007-10-28 08:13 2007-10-27 22:15 2007-10-27 21:39 2007-10-27 21:39 2007-10-27 17:22 39 --a------ C:\WINDOWS\TDEVXCW60.DLL 2007-10-27 17:22 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL 2007-10-26 20:15 2007-10-25 15:41 2007-10-25 13:40 2007-10-22 19:47 2007-10-21 20:39 2007-10-21 20:39 2007-10-21 20:38 2007-10-21 20:38 2007-10-21 20:36 2007-10-21 20:36 2007-10-21 20:33 2007-10-21 20:32 2007-10-21 20:30 2007-10-21 20:28 2007-10-21 20:28 2007-10-21 20:28 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-10-21 20:27 2007-10-18 17:07 2007-10-16 18:32 2007-10-13 14:39 249,856 --------- C:\WINDOWS\Setup1.exe 2007-10-13 14:39 73,216 --a------ C:\WINDOWS\ST6UNST.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-20 13:16 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-20 13:16 --------- d-----w C:\Program Files\EA GAMES 2007-11-19 18:59 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Hamachi 2007-11-18 21:21 --------- d-----w C:\Program Files\FlashGet 2007-11-18 14:55 --------- d-----w C:\Program Files\Metin2_PL 2007-11-18 01:09 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-11-17 18:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Skype 2007-11-15 13:44 --------- d-----w C:\Program Files\Skype 2007-11-14 15:01 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-11-10 07:40 --------- d-----w C:\Program Files\Gadu-Gadu 2007-10-31 09:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Tibia 2007-10-28 11:01 20,480 ----a-w C:\WINDOWS\system32\H@tKeysH@@k.DLL 2007-10-28 07:30 --------- d-----w C:\Program Files\Rockstar Games 2007-10-07 13:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-07 06:34 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-01 15:15 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\AutoPowerOn 2007-10-01 15:10 310 ----a-w C:\Documents and Settings\User\Dane aplikacji\regdatels.dat 2007-09-29 16:36 729,088 ----a-w C:\WINDOWS\iun6002.exe 2007-09-24 18:33 --------- d-----w C:\Program Files\Common Files\Screaming Bee 2007-09-24 18:33 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Screaming Bee 2007-09-24 18:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee 2007-09-21 17:00 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Apple Computer 2007-09-21 16:56 --------- d-----w C:\Program Files\Apple Software Update 2007-09-21 16:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2007-09-14 14:12 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Soldat 2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-06-28 23:43] “nwiz”=“nwiz.exe” [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-06-28 23:43] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 14:10] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 02:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\User\Menu Start\Programy\Autostart\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 21:47:48] UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 13:20:14] Y’z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 20:09:06] Y’z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 13:41:10] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled] WgaLogon.dll 2007-03-15 18:16 236928 C:\WINDOWS\system32\WgaLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=wbsys.dll R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\RunGame.exe . Contents of the ‘Scheduled Tasks’ folder “2007-11-19 15:24:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 14:39:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … C:\WINDOWS\erdnt scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2007-11-10 14:40:55 . — E O F —

Gutek · 20 Listopad 2007 18:39

Powinno być Ok

Sneek_Destroy · 20 Listopad 2007 18:51

Czyli, ten -||-.exe to… co?

Nie mogę znaleźć nigdzie odpowiedzi… ; )

Gutek · 20 Listopad 2007 19:02

który?

Sneek_Destroy · 20 Listopad 2007 19:34

IEXPLORER.EXE, ten o którym była mowa:)

Gutek · 20 Listopad 2007 21:46

Możesz - http://www.liutilities.com/products/win … iexplorer/