kid_m
(kid_m)
12 November 2007 20:24
#1
As in the subject… I can't see much in this log… But my computer is clearly slowed down. Ad-aware finds “malware.psguard”, TAC 7 (winhound.com). Please help.
ComboFix 07-11-08.1 - montaigne 2007-11-12 21:13:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.277 [GMT 1:00]
Running from: C:\Documents and Settings\montaigne\Pulpit\combo fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\montaigne\Dane aplikacji\install.dat
C:\WINDOWS\regedit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.
2007-11-12 21:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 20:50
2007-11-10 02:48
2007-11-10 00:31
2007-11-10 00:13
2007-11-09 21:46
2007-11-09 21:24
2007-11-08 17:18
2007-11-08 15:22
2007-11-08 15:22
2007-11-07 16:03
2007-11-07 16:03
2007-11-07 15:50 142,976 --a------ C:\WINDOWS\system32\dllcache\usbport.sys
2007-11-07 15:45
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 20:16 --------- d-----w C:\Program Files\AutoConnect
2007-11-12 11:53 --------- d-----w C:\Program Files\eMule
2007-11-08 15:31 --------- d-----w C:\Program Files\Winamp
2007-11-08 13:28 --------- d-----w C:\Program Files\Opera
2007-11-07 15:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-07 15:06 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 14:43 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 13:41 --------- d-----w C:\Program Files\MarBit
2007-03-04 18:53:57 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 17:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.exe" []
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^montaigne^Menu Start^Programy^Autostart^uTorrent 1.6.1.exe]
path=C:\Documents and Settings\montaigne\Menu Start\Programy\Autostart\uTorrent 1.6.1.exe
backup=C:\WINDOWS\pss\uTorrent 1.6.1.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
rundll32.exe stmctrl.dll,TaskBar
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aupd]
C:\WINDOWS\system32\symsvcsa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
C:\Program Files\AutoConnect\AutoConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]
C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32]
C:\WINDOWS\system32\efsdfgxg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intell32.exe]
C:\WINDOWS\system32\intell32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime]
C:\WINDOWS\system32\paytime.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
C:\Program Files\Razer\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\inet20099\winlogon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\usbn]
C:\WINDOWS\system32\usbn.exe -go -c200 -w1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
C:\winstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinHound]
C:\Program Files\WinHound\WinHound.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]
C:\WINDOWS\inet20099\winlogon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"C:\Documents and Settings\montaigne\Pulpit\utorrent.exe"
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S1 atitray;atitray;??\C:\Program Files\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d9d87f94-78b0-11dc-92ad-00e04ce88c00}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f367c3c2-9331-11da-a3d2-4d6564696130}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Gutek
(Gutek)
12 November 2007 20:58
#2
Open Notepad and paste this into it:
File >>> Save as >>> change the extension from TXT to All files >>> save it under the name FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.
XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + Autostart optimization
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can go through the registry with it, or use
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php
See - Using jv16 PowerTools