Internet i system zwalnia

Maxsz · 23 Październik 2007 08:03

Witam!

Internet i system strasznie mi zwalnia. svshost.exe już wywaliłem. Obawiam się jednak, że jest coś jeszcze. Proszę o sprawdzenie i pozdrawiam.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:59:02, on 2007-10-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.pl/Default.aspx?TabId=14 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\ati2dvagvs.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKCU…\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 … plugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 2602806625 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ … 586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s … wflash.cab O20 - AppInit_DLLs: ,wbsys.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe – End of file - 4714 bytes

jessica · 23 Październik 2007 08:21

Możesz usunąć te zaznaczone na czerwono pliki swoim dotychczasowym sposobem, albo:

Ściągnij -->ComboFix.

Wklej do Notatnika :

File::

C:\WINDOWS\system32\ati2dvagvs.dll

C:\WINDOWS\inetloader.dll

C:\WINDOWS\se_spoof.dll

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Potem, bez względu na to, którym sposobem usuwałeś:

Hijackscan(Do a system scan only)zaznacz je Fix checked.

Jeśli użyjesz ComboFixa, to daj z niego log.

jessi

Maxsz · 23 Październik 2007 08:42

Użyłem ComboFixa i wstawiam z niego log:

ComboFix 07-10-23.2 - Ela i Max 2007-10-23 10:32:02.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.673 [GMT 2:00] Running from: C:\Documents and Settings\Ela i Max\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Ela i Max\Pulpit\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\inetloader.dll C:\WINDOWS\se_spoof.dll C:\WINDOWS\system32\ati2dvagvs.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\inetloader.dll C:\WINDOWS\NDNuninstall6_38.exe C:\WINDOWS\NDNuninstall7_48.exe C:\WINDOWS\se_spoof.dll C:\WINDOWS\system32\ati2dvagvs.dll C:\WINDOWS\system32\atmfda.dll C:\WINDOWS\system32\bidisplv.dll C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-23 10:31 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-23 09:43 2007-10-23 09:22 2007-10-23 09:22 2007-10-22 23:58 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-17 08:51 94,208 --a------ C:\WINDOWS\system32\vbpng1.dll 2007-10-17 08:51 53,248 --a------ C:\WINDOWS\system32\zlib.dll 2007-10-15 16:41 2007-10-15 15:12 2007-10-12 00:08 2007-10-12 00:08 2007-10-12 00:08 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll 2007-10-12 00:08 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll 2007-10-12 00:08 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll 2007-10-12 00:08 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll 2007-10-12 00:08 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-10-12 00:08 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll 2007-10-12 00:08 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll 2007-10-11 16:10 2007-10-09 20:28 2007-10-09 20:28 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-10-09 20:28 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-09 20:28 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-10-09 20:28 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-09 20:28 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-10-09 20:28 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-10-09 20:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-10-09 09:20 2007-10-09 09:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-07 18:56 2007-10-01 21:02 2007-10-01 21:02 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-09-23 23:34 2007-09-23 23:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 07:15 --------- d-----w C:\Program Files\Lavasoft 2007-10-23 07:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-22 17:34 --------- d-----w C:\Documents and Settings\Ela i Max\Dane aplikacji\uTorrent 2007-10-16 19:14 --------- d-----w C:\Program Files\AlienGUIse 2007-10-16 09:58 --------- d-----w C:\Program Files\Winamp 2007-10-11 21:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-11 21:10 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-01 19:01 --------- d-----w C:\Program Files\CyberLink 2007-10-01 09:26 --------- d-----w C:\Program Files\MegauploadToolbar 2007-09-22 11:59 --------- d-----w C:\Program Files\Yamicsoft 2007-09-22 11:44 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-20 18:00 --------- d-----w C:\Program Files\Gadu-Gadu 2007-09-18 11:59 --------- d-----w C:\Program Files\CoffeeCup Software 2007-09-14 18:27 --------- d-----w C:\Documents and Settings\Ela i Max\Dane aplikacji\SopCast 2007-09-14 18:11 --------- d-----w C:\Program Files\SopCast 2007-09-10 12:35 --------- d-----w C:\Program Files\Gra w ciemno v2 2007 2007-09-01 13:19 --------- d-----w C:\Program Files\Ortalion Entertainment 2007-08-29 18:50 --------- d-----w C:\Program Files\Avery Dennison 2007-08-28 21:25 --------- d-----w C:\Program Files\ESTsoft 2007-06-13 13:23:49 937,984 --sh–r C:\WINDOWS\system32\svshost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 15:25] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-25 13:52] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “C-Media Mixer”=“Mixer.exe” [2002-10-15 20:00 C:\WINDOWS\mixer.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NCLaunch”=“C:\WINDOWS\NCLAUNCH.EXe” [2007-02-28 15:47] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”= ,wbsys.dll S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 HWACCESS;HWACCESS;??\C:\WINDOWS\SYSTEM32\HWACCESS.SYS S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 10:34:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-23 10:36:30 - machine was rebooted . — E O F —

Już ich nie było.

Złączono Posta : 23.10.2007 (Wto) 14:34

Teraz jest ok?

Pozdrawiam i dzięki za pomoc!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:33:31, on 2007-10-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\uTorrent\utorrent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.pl/Default.aspx?TabId=14 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKCU…\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 … plugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 2602806625 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ … 586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s … wflash.cab O20 - AppInit_DLLs: ,wbsys.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe – End of file - 4406 bytes

adam9870 · 23 Październik 2007 13:24

Otwórz Notatnik i wklej w nim to:

Z menu Notatnika wybierz Plik >>> Zapisz jako >>> zapisz plik pod nazwą CFScript w miejscu, w którym zapisałeś ComboFixa, czyli w bezpośrednio na Pulpicie.

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe) - tak jak to zostało przedstawione na poniższym obrazku:

Jeśli po przeciągnięciu pliki CFScrit.txt na ikonkę ComboFixa ujrzysz komunikat - “1 or 2” - odpowiedz na niego wciskając klawisz 1.

Po restarcie skasuj folder C:\Qoobox.

Proponuję usunąć Megaupload Toolbar ponieważ jest to Toolbar wątpliwej reputacji. Bowiem zbiera dane o użytkowniki i gdzieś je wysyła, nie wiadomo gdzie.

Po wykonaniu ww. czynności, wklej nowy log z ComboFix.

Maxsz · 23 Październik 2007 15:15

Oto log z ComboFix. I jeszcze jedno: odinstalowalem ten Megaupload Toolbar i teraz jakis blad mi przy starcie systemy wyskakuje

ComboFix 07-10-23.2 - Ela i Max 2007-10-23 17:04:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.660 [GMT 2:00] Running from: C:\Documents and Settings\Ela i Max\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Ela i Max\Pulpit\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\svshost.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\svshost.exe . ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-23 11:31 2007-10-23 10:31 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-23 09:43 2007-10-23 09:22 2007-10-23 09:22 2007-10-22 23:58 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-17 08:51 94,208 --a------ C:\WINDOWS\system32\vbpng1.dll 2007-10-17 08:51 53,248 --a------ C:\WINDOWS\system32\zlib.dll 2007-10-15 16:41 2007-10-15 15:12 2007-10-12 00:08 2007-10-12 00:08 2007-10-12 00:08 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll 2007-10-12 00:08 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll 2007-10-12 00:08 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll 2007-10-12 00:08 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll 2007-10-12 00:08 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-10-12 00:08 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll 2007-10-12 00:08 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll 2007-10-11 16:10 2007-10-09 20:28 2007-10-09 20:28 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-10-09 20:28 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-09 20:28 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-10-09 20:28 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-09 20:28 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-10-09 20:28 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-10-09 20:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-10-09 09:20 2007-10-09 09:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-07 18:56 2007-10-01 21:02 2007-10-01 21:02 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-09-23 23:34 2007-09-23 23:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 12:33 --------- d-----w C:\Documents and Settings\Ela i Max\Dane aplikacji\uTorrent 2007-10-23 07:15 --------- d-----w C:\Program Files\Lavasoft 2007-10-23 07:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-16 19:14 --------- d-----w C:\Program Files\AlienGUIse 2007-10-16 09:58 --------- d-----w C:\Program Files\Winamp 2007-10-11 21:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-11 21:10 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-01 19:01 --------- d-----w C:\Program Files\CyberLink 2007-09-22 11:59 --------- d-----w C:\Program Files\Yamicsoft 2007-09-22 11:44 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-20 18:00 --------- d-----w C:\Program Files\Gadu-Gadu 2007-09-20 17:56 21,504 ----a-w C:\WINDOWS\system32\adptifav.dll 2007-09-18 11:59 --------- d-----w C:\Program Files\CoffeeCup Software 2007-09-18 09:08 21,504 ----a-w C:\WINDOWS\system32\atkctrsb.dll 2007-09-17 18:41 21,504 ----a-w C:\WINDOWS\system32\ati2dvagvva.dll 2007-09-16 17:53 21,504 ----a-w C:\WINDOWS\system32\atmfdaa.dll 2007-09-15 12:56 21,504 ----a-w C:\WINDOWS\system32\ati2dvagvv.dll 2007-09-14 18:27 --------- d-----w C:\Documents and Settings\Ela i Max\Dane aplikacji\SopCast 2007-09-14 18:11 --------- d-----w C:\Program Files\SopCast 2007-09-13 22:02 21,504 ----a-w C:\WINDOWS\system32\avwava.dll 2007-09-12 15:33 21,504 ----a-w C:\WINDOWS\system32\authza.dll 2007-09-11 13:19 21,504 ----a-w C:\WINDOWS\system32\ATIDEMGRb.dll 2007-09-10 12:35 --------- d-----w C:\Program Files\Gra w ciemno v2 2007 2007-09-10 06:00 21,504 ----a-w C:\WINDOWS\system32\acctresa.dll 2007-09-08 18:55 21,504 ----a-w C:\WINDOWS\system32\Audio3Db.dll 2007-09-08 15:12 21,504 ----a-w C:\WINDOWS\system32\adptifa.dll 2007-09-07 13:31 21,504 ----a-w C:\WINDOWS\system32\ati2dvagv.dll 2007-09-06 08:53 21,504 ----a-w C:\WINDOWS\system32\blackboxav.dll 2007-09-05 08:24 21,504 ----a-w C:\WINDOWS\system32\adsndss.dll 2007-09-04 07:48 21,504 ----a-w C:\WINDOWS\system32\advpacksv.dll 2007-09-03 07:17 21,504 ----a-w C:\WINDOWS\system32\acluiv.dll 2007-09-01 13:19 --------- d-----w C:\Program Files\Ortalion Entertainment 2007-09-01 06:48 21,504 ----a-w C:\WINDOWS\system32\bidisplvs.dll 2007-08-31 22:47 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-08-31 05:15 21,504 ----a-w C:\WINDOWS\system32\adsldpcs.dll 2007-08-29 22:35 21,504 ----a-w C:\WINDOWS\system32\appmgmtsv.dll 2007-08-29 18:50 --------- d-----w C:\Program Files\Avery Dennison 2007-08-28 21:29 21,504 ----a-w C:\WINDOWS\system32\aaaamons.dll 2007-08-28 21:25 --------- d-----w C:\Program Files\ESTsoft 2007-08-28 14:51 21,504 ----a-w C:\WINDOWS\system32\actxprxya.dll 2007-08-27 08:16 21,504 ----a-w C:\WINDOWS\system32\bootvidb.dll 2007-08-26 08:15 21,504 ----a-w C:\WINDOWS\system32\ati2evxxs.dll 2007-08-24 20:32 21,504 ----a-w C:\WINDOWS\system32\ati2cqagb.dll 2007-08-23 20:30 21,504 ----a-w C:\WINDOWS\system32\capicoma.dll 2007-08-22 19:43 21,504 ----a-w C:\WINDOWS\system32\adsldpcb.dll 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-20 08:54 21,504 ----a-w C:\WINDOWS\system32\amstreamb.dll 2007-08-19 08:48 21,504 ----a-w C:\WINDOWS\system32\catsrva.dll 2007-08-18 08:31 21,504 ----a-w C:\WINDOWS\system32\adsnta.dll 2007-08-16 18:56 21,504 ----a-w C:\WINDOWS\system32\advpacks.dll 2007-08-15 11:54 21,504 ----a-w C:\WINDOWS\system32\autodiscv.dll 2007-08-14 11:08 21,504 ----a-w C:\WINDOWS\system32\aaaamonb.dll 2007-08-13 07:07 21,504 ----a-w C:\WINDOWS\system32\ativcoxxv.dll 2007-08-11 16:38 21,504 ----a-w C:\WINDOWS\system32\ccfgnta.dll 2007-08-10 13:56 21,504 ----a-w C:\WINDOWS\system32\advapi32s.dll 2007-08-07 21:40 21,504 ----a-w C:\WINDOWS\system32\bidisplb.dll 2007-08-06 19:37 21,504 ----a-w C:\WINDOWS\system32\browsewma.dll 2007-08-05 16:03 21,504 ----a-w C:\WINDOWS\system32\blackboxa.dll 2007-08-02 20:07 21,504 ----a-w C:\WINDOWS\system32\advapi32a.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 15,360 2004-08-03 22:44:20 C:\WINDOWS\system32\bak\ctfmon.exe ----a-w 15,360 2004-08-03 22:44:20 C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 15:25] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-25 13:52] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “C-Media Mixer”=“Mixer.exe” [2002-10-15 20:00 C:\WINDOWS\mixer.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NCLaunch”=“C:\WINDOWS\NCLAUNCH.EXe” [2007-02-28 15:47] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “megauploadtoolbar”=C:\DOCUME~1\ELAIMA~1\USTAWI~1\Temp\tbuninstall.exe -df “C:\Program Files\MegauploadToolbar” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”= ,wbsys.dll S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 HWACCESS;HWACCESS;??\C:\WINDOWS\SYSTEM32\HWACCESS.SYS S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 17:06:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-23 17:06:52 C:\ComboFix2.txt … 2007-10-23 10:36 . — E O F —

Złączono Posta : 23.10.2007 (Wto) 17:43

Jest jeszcze coś do wywalenia?

Gutek · 23 Październik 2007 22:03

Pobierz program SDFix

Maxsz · 24 Październik 2007 18:11

Wstawiam log z SDFixa.

SDFix: Version 1.111 Run by Administrator on 2007-10-24 at 20:02 Microsoft Windows XP [Wersja 5.1.2600] Running From: c:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\uTorrent\utorrent.exe”=“C:\Program Files\uTorrent\utorrent.exe:*:Enabled:uTorrent” “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Sat 1 Sep 2007 56 …SHR — “C:\WINDOWS\system32\36B2C336AA.sys” Sat 1 Sep 2007 3,766 A.SH. — “C:\WINDOWS\system32\KGyGaAvL.sys” Sat 28 Jul 2007 52,224 …SHR — “C:\Program Files\Selteco\Alligator Flash Designer 7 PL\Setup.exe” Finished!

Gutek · 24 Październik 2007 18:52

Jest już Ok

Krzychuu · 24 Październik 2007 19:44

Kosmetyka:

Przejrzyj:

Optymalizacja i odchudzanie Windowsa XP - opis krok po kroku

Czyszczenie i optymalizacja

Optymalizacja systemu windows xp

Optymalizacja XP

Przejrzyj Optymalizację Autostartu.

Czyszczenie rejestru -> jv16 PowerTools lub RegCleaner.