Marcin3
(Marcin!)
29 Czerwiec 2007 08:46
#1
Czesc,
Mam ogromny problem z jakimis spyware/wirusami. Pokazuja mi sie takie alerty:
http://img166.imageshack.us/img166/8160 … hitrx6.jpg
http://img180.imageshack.us/img180/4007 … hitbz8.jpg
http://img256.imageshack.us/img256/6376/shitfo8.png
Co najgorsze otwieraja mi jakies strony z oprogramowaniem. Uzywalem Ad-Aware, SuperAntiSpyware, Kaspersky Antivirus, Spybot SD, XoftspySE. Programy te znalazly duzo smieci, trojanow ale nie chca sobie poradzic z tymi alertami. Poradzcie cos. Z gory dzieki za odp.
Monczkin
(Monczkin)
29 Czerwiec 2007 08:57
#2
Marcin! proszę zacząć używać na forum polskiej pisowni.
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
Przeczytać, zastosować się i wkleić loga w tym temacie.
adam9870
(adam9870)
29 Czerwiec 2007 08:58
#3
Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.
Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.
Po wykonaniu pokaż zawartość pliku c:\rapport.txt plus log z ComboFix . Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.
Marcin3
(Marcin!)
29 Czerwiec 2007 09:03
#4
Oto moj log:
Logfile of HijackThis v1.99.1 Scan saved at 10:51:33 AM, on 6/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Marcin\Desktop\HijackThis.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: MSVPS System - {8E6CFDFE-79A8-421C-B854-04081690CE6B} - C:\WINDOWS\ddesupport.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM…\Run: [TFncKy] TFncKy.exe O4 - HKLM…\Run: [TDispVol] TDispVol.exe O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM…\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM…\Run: [TPSMain] TPSMain.exe O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM…\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe” O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://smplyyouknow.spaces.live.com//Ph … nPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{58140082-C4FA-483A-9704-985E298438CE}: NameServer = 83.238.255.76 213.241.79.37 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: msole - {3BAD5850-C1D3-40C9-AD18-EB22963EFBFE} - C:\WINDOWS\msole.dll O21 - SSODL: msdde - {57AE6635-FEE2-49DA-BC49-DE245A8D3CF3} - C:\WINDOWS\msdde.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
Złączono Posta : 29.06.2007 (Pią) 11:44
SmitFraudFix v2.197 Scan done at 11:15:34.50, Fri 06/29/2007 Run from C:\Documents and Settings\Marcin \Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files Problem while deleting C:\WINDOWS\ddesupport.dll C:\WINDOWS\msole.dll Deleted C:\WINDOWS\msdde.dll Deleted C:\WINDOWS\privacy_danger\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: WAN (PPP/SLIP) Interface DNS Server Search Order: 83.238.255.76 DNS Server Search Order: 213.241.79.37 HKLM\SYSTEM\CCS\Services\Tcpip…{58140082-C4FA-483A-9704-985E298438CE}: NameServer=83.238.255.76 213.241.79.37 HKLM\SYSTEM\CS1\Services\Tcpip…{58140082-C4FA-483A-9704-985E298438CE}: NameServer=83.238.255.76 213.241.79.37 HKLM\SYSTEM\CS3\Services\Tcpip…{58140082-C4FA-483A-9704-985E298438CE}: NameServer=83.238.255.76 213.241.79.37 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Reboot C:\WINDOWS\ddesupport.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» End Dzieki wielkie. Juz jest ok. Nic mi nie wyskakuje…ufffffffffffffffff
adam9870
(adam9870)
29 Czerwiec 2007 10:06
#5
Proszę jednak dla pewności wkleić log z ComboFix, tak jak pisałem w swoim pierwszym poście w tym temacie.
Marcin3
(Marcin!)
29 Czerwiec 2007 10:51
#6
Oto log z ComboFix:
ComboFix 07-06-18.2 - C:\Documents and Settings\Marcin\Desktop\ComboFix.exe “” - 2007-06-29 12:13:11 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\MARCIN~1\Desktop.\internet explorer.lnk ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 ))))))))))))))))))))))))))))))) 2007-06-29 12:12 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-29 11:16 4,950 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-29 11:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-29 11:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-06-29 11:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-06-29 09:58 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-06-29 09:53 2007-06-29 01:20 2007-06-29 01:03 2007-06-29 01:02 2007-06-28 23:53 2007-06-28 21:49 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-06-28 21:49 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-06-28 21:47 2007-06-28 21:47 2007-06-28 21:46 63,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-06-28 21:46 3,039,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-06-28 21:31 2007-06-28 20:38 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys 2007-06-28 20:37 2007-06-28 01:13 2007-06-28 01:12 2007-06-19 12:45 2007-06-16 14:00 2007-06-16 14:00 2007-06-09 11:53 2007-06-09 11:11 2007-06-01 12:36 2007-06-01 12:31 2007-05-30 20:17 2007-05-30 19:28 2007-05-30 19:11 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-29 10:11:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-06-29 10:02:36 -------- d-----w C:\Program Files\AutoConnect 2007-06-29 07:38:01 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Azureus 2007-06-29 07:37:57 -------- d-----w C:\Program Files\eMule 2007-06-29 07:24:51 -------- d-----w C:\Program Files\Octoshape Streaming Services 2007-06-28 13:26:46 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Skype 2007-06-27 09:28:20 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\iSproggler 2007-06-26 19:59:30 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\gtk-2.0 2007-06-23 11:58:02 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Google 2007-06-23 11:56:39 -------- d-----w C:\Program Files\Google 2007-06-19 08:15:43 -------- d-----w C:\Program Files\Gadu-Gadu 2007-06-15 20:12:38 5,193 ----a-w C:\WINDOWS\mozver.dat 2007-06-09 09:43:45 -------- d-----w C:\Program Files\RGB 2007-06-01 19:49:05 -------- d-----w C:\Program Files\GIMP-2.0 2007-06-01 10:36:13 -------- d-----w C:\Program Files\iTunes 2007-06-01 10:28:27 -------- d-----w C:\Program Files\Apple Software Update 2007-05-25 18:02:35 -------- d-----w C:\Program Files\Common Files\GTK 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-12 23:50:35 -------- d-----w C:\Program Files\Zajaczek 4.1 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-06 13:31:40 639,066 ----a-w C:\WINDOWS\system32\DivX.dll 2007-04-04 20:14:40 126,800 ----a-w C:\WINDOWS\HPHins12.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 15:20] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {8E6CFDFE-79A8-421C-B854-04081690CE6B}=C:\WINDOWS\ddesupport.dll [] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-17 23:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TFncKy”=“TFncKy.exe” [] “TDispVol”=“TDispVol.exe” [2005-03-12 01:03 C:\WINDOWS\system32\TDispVol.exe] “THotkey”=“C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe” [2006-01-06 00:02] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-12-16 10:34] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-12-16 10:32] “LtMoh”=“C:\Program Files\ltmoh\Ltmoh.exe” [2004-08-18 13:37] “AGRSMMSG”=“AGRSMMSG.exe” [2005-10-15 16:29 C:\WINDOWS\agrsmmsg.exe] “NDSTray.exe”=“NDSTray.exe” [] “Tvs”=“C:\Program Files\Toshiba\Tvs\TvsTray.exe” [2005-11-30 22:25] “TPSMain”=“TPSMain.exe” [2005-06-01 07:00 C:\WINDOWS\system32\TPSMain.exe] “PadTouch”=“C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [] “SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2005-04-27 02:13] “Pinger”=“c:\toshiba\ivp\ism\pinger.exe” [2005-03-18 03:37] “IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2005-12-05 21:37] “IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2005-11-28 20:41] “CFSServ.exe”=“CFSServ.exe” [] “{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“C:\Program Files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 23:48] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “CnxDslTaskBar”=“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” [2005-07-21 22:52] “SmcService”=“C:\PROGRA~1\Sygate\SPF\smc.exe” [2004-10-15 20:40] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-04-27 09:41] “iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2007-05-26 12:45] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe” [2007-03-09 11:09] “igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-11-28 07:55] “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2005-11-28 07:52] “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2005-11-28 07:55] “ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2005-08-05 23:56] “dla”=“C:\WINDOWS\system32\dla\DLACTRLW.exe” [2005-10-06 15:20] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 14:00] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2004-12-30 10:32] “AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” [2004-08-28 20:27] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-06-17 23:38] “NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-02-10 18:00] “Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2005-05-31 01:04] “SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “NETIANET”=C:\Program Files\Netia\Net\netianet.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles “InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{30281128-348a-11db-8f9f-001302880278}] AutoRun\command- E:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7726c7ae-392b-11db-8fb0-001302880278}] AutoRun\command- E:\LaunchU3.exe -a Contents of the ‘Scheduled Tasks’ folder 2007-06-26 20:54:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-29 10:01:54 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-06-28 21:53:42 C:\WINDOWS\tasks\XoftSpySE.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-29 12:23:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-29 12:25:23 C:\ComboFix-quarantined-files.txt … 2007-06-29 12:25 — E O F —
Mam nadzieje ze wszystko jest w porzadku juz
qrczak13
(qrczak13)
29 Czerwiec 2007 19:16
#7
Do notatnika wklej:
Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na
pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.
Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350
Poczytaj o zbędnikach w autostarcie.
Optymalizacja i odchudzanie Windows XP