M_a_r_i_o
(Mario 89)
31 August 2007 15:30
#1
Hello
For the past 2 days my computer has been running strangely. SpyBot detected some entries that were disabling the antivirus, Update and the firewall.
I removed them, but it still runs strangely somehow… it stutters more often, etc.
The HJ log is clean, so I'm posting the one from Silent Runners:
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SpybotSD TeaTimer” = “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “cFosSpeed” = “C:\Program Files\cFosSpeed\cFosSpeed.exe” [“cFos Software GmbH”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {00011268-E188-40DF-A514-835FCD78B1BF}(Default) = (no title provided) -> {HKLM…CLSID} = “IE7pro BHO” \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7pro.dll” [“IE7pro.com ”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided) -> {HKLM…CLSID} = “gFlash Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\getflash.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = 
“C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” = “AQQ File Transfer Shell Extension” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{35786D3C-B075-49b9-88DD-029876E11C01}” = “Portable Devices” -> {HKLM…CLSID} = “Portable Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}” = “Portable Devices Menu” -> {HKLM…CLSID} = “Portable Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Inc.”] “{45670FA8-ED97-4F44-BC93-305082590BFB}” = “Microsoft.XPS.Shell.Metadata.1” -> {HKLM…CLSID} = “Windows XPS Document Metadata Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\XPSSHHDR.DLL” [MS] “{44121072-A222-48f2-A58A-6D9AD51EBBE9}” = “Microsoft.XPS.Shell.Thumbnail.1” -> {HKLM…CLSID} = “Windows XPS Document Thumbnail Handler” \InProcServer32(Default) = “C:\WINDOWS\System32\XPSSHHDR.DLL” [MS] 
“{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7Zip\7-zip.dll” [“Igor Pavlov”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ “AppInit_DLLs” = (value not set) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! 
text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-ZIP(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7Zip\7-zip.dll” [“Igor Pavlov”] AQQFileTransfer(Default) = “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-ZIP(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “C:\Program Files\7Zip\7-zip.dll” [“Igor Pavlov”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\ “ButtonText” = “IE7pro Preferences” “MenuText” = “IE7pro Preferences” “CLSIDExtension” = “{B119EB0C-C021-46CF-85B0-34A760E0D5FE}” -> {HKLM…CLSID} = “IE7pro ToolsExt” \InProcServer32(Default) = “C:\Program Files\IE7pro\IE7pro.dll” [“IE7pro.com ”] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_12” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_12” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll” [“Sun Microsystems, Inc.”] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” Missing lines (compared with English-language version): [strings]: 2 lines HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! 
“NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS] HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS] HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS] HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS] HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS] HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] cFosSpeed System Service, cFosSpeedS, ““C:\Program Files\cFosSpeed\spd.exe” -service” [“cFos Software GmbH”] Kerio Personal Firewall 4, KPF4, ““C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe”” [“Kerio Technologies”] LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ HP Master Monitor\Driver = “HPBMMON.DLL” [“Hewlett-Packard”] HP Universal Print Monitor\Driver = “HPMCPMW.DLL” [“Hewlett-Packard”] Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 30 seconds)
Many thanks for the help.
qrczak13
(qrczak13)
31 August 2007 19:43
#2
Paste into Notepad:
File > Save as > change the file type from .txt to All files > save it as Fix.reg, e.g. on the desktop > double-click Fix.reg > confirm > restart.
Post a ComboFix log (instructions for making the log are at the very bottom of the page). Combo is working now.
M_a_r_i_o
(Mario 89)
1 September 2007 06:52
#3
May I know what this fix does?
And here is the log:
“ADMIN” - 2007-09-01 8:55:27 - ComboFix 07-06-27.7 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 ))))))))))))))))))))))))))))))) 2007-09-01 08:55 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-08-31 18:14 2007-08-31 18:08 2007-08-31 17:41 2007-08-31 07:14 2007-08-31 07:13 2007-08-30 18:46 2007-08-29 08:44 2007-08-28 15:50 2007-08-28 15:49 2007-08-28 15:44 2007-08-27 12:44 2007-08-27 12:44 2007-08-10 13:13 2007-08-08 08:27 684,248 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2007-08-08 08:24 281,816 --a------ C:\WINDOWS\system32\cfosspeed.dll 2007-08-08 08:14 2007-08-06 20:02 2007-08-06 11:32 2007-08-06 11:30 2007-08-04 10:43 2007-08-04 10:26 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2007-08-04 10:19 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-01 06:53:52 -------- d-----w C:\Program Files\cFosSpeed 2007-08-31 17:13:46 -------- d-----w C:\Program Files\FlashGet 2007-08-31 11:58:31 -------- d-----w C:\Program Files\SpeedFan 2007-08-29 11:04:49 -------- d-----w C:\Program Files\AviScreen classic 2007-08-28 13:01:39 -------- d-----w C:\Program Files\EasyCleaner 2007-08-27 14:11:52 -------- d-----w C:\DOCUME~1\ADMIN\DANEAP~1\Skype 2007-08-26 18:55:17 -------- d-----w C:\Program Files\Opera 2007-08-06 08:53:25 19 -csha-r C:\MSDOS.SYS 2007-08-05 03:53:02 -------- d-----w C:\Program Files\PeerGuardian2 2007-08-04 07:21:30 -------- d-----w C:\Program Files\CDCheck 2007-08-02 17:57:54 -------- d-----w C:\Program Files\Halflife Logo Creator 2007-08-02 11:15:32 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-07-30 14:20:09 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-30 14:10:48 -------- d-----w C:\Program Files\QuickTime 2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-07-26 17:12:27 -------- d-----w C:\Program Files\McFunSoft Video Solution 2007-07-22 15:42:54 2,882 —ha-w 
C:\WINDOWS\mozver.dat 2007-07-20 11:46:05 -------- d-----w C:\Program Files\MozBackup 2007-07-17 15:34:24 -------- d-----w C:\Program Files\Sradu 2007-07-14 21:04:48 -------- d-----w C:\Program Files\netbeans-5.5.1 2007-07-14 20:59:58 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-07-14 20:20:05 -------- d-----w C:\Program Files\Apple Software Update 2007-07-14 19:00:38 7,808 ----a-w C:\WINDOWS\system32\drivers\psi_mf.sys 2007-07-14 18:32:13 -------- d-----w C:\Program Files\Odkurzacz 2007-07-11 13:29:39 -------- d-----w C:\Program Files\Lexmark X1100 Series 2007-07-11 09:18:36 -------- dc----w C:\DOCUME~1\ADMIN\DANEAP~1\Vso 2007-07-11 09:18:23 81,920 -c–a-w C:\DOCUME~1\ADMIN\DANEAP~1\ezpinst.exe 2007-07-11 09:18:23 47,360 -c–a-w C:\DOCUME~1\ADMIN\DANEAP~1\pcouffin.sys 2007-07-11 09:18:23 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-07-03 14:59:24 -------- dc----w C:\DOCUME~1\ADMIN\DANEAP~1\Apple Computer 2007-07-02 17:17:01 80,444 ----a-w C:\WINDOWS\system32\prfc0415.dat 2007-07-02 17:17:01 460,894 ----a-w C:\WINDOWS\system32\prfh0415.dat 2007-06-26 06:10:36 1,104,896 —ha-w C:\WINDOWS\system32\msxml3.dll 2007-06-19 13:32:56 282,112 —ha-w C:\WINDOWS\system32\gdi32.dll 2007-06-13 13:12:07 1,034,752 ----a-w C:\WINDOWS\explorer.exe 2007-06-03 03:56:18 81,920 ----a-w C:\WINDOWS\system32\aakah.dll 2007-06-03 03:56:18 34,272 ----a-w C:\WINDOWS\system32\aakah.sys 2007-06-03 03:56:18 237,568 ----a-w C:\WINDOWS\system32\aaksrv.exe 2007-06-03 03:56:18 20,768 ----a-w C:\WINDOWS\system32\aakbdrv.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00011268-E188-40DF-A514-835FCD78B1BF}=C:\Program Files\IE7pro\IE7pro.dll [2007-02-10 17:38] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04] 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 04:00] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 11:50] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2007-06-19 10:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-02-07 16:39] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) “LinkResolveIgnoreLinkInfo”=0 (0x0) “NoResolveSearch”=1 (0x1) “NoUserNameInStartMenu”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “NoSMMyDocs”=1 (0x1) “NoStartMenuMyMusic”=1 (0x1) “NoSMMyPictures”=1 (0x1) “NoSMHelp”=1 (0x1) “NoSimpleStartMenu”=1 (0x1) “MaxRecentDocs”=5 (0x5) “NoStartMenuMFUprogramsList”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMConfigurePrograms”=1 (0x1) “NoRecentDocsMenu”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoSharedDocuments”=1 (0x1) “ClearRecentDocsOnExit”=01000000 “NoUserNameInStartMenu”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “NoLogOff”=0 (0x0) “NoFavoritesMenu”=1 (0x1) “NoSMMyDocs”=1 (0x1) “NoStartMenuMyMusic”=1 (0x1) “NoSMMyPictures”=1 (0x1) “NoSMHelp”=1 (0x1) “NoSimpleStartMenu”=1 (0x1) “MaxRecentDocs”=5 (0x5) “NoStartMenuMFUprogramsList”=1 (0x1) “NoInstrumentation”=0 (0x0) “NoSaveSettings”=0 (0x0) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” 
/pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “c:\progra~1\cs\steam.exe” -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “UPS”=3 (0x3) “TermService”=3 (0x3) “TapiSrv”=3 (0x3) “SysmonLog”=3 (0x3) “lanmanserver”=2 (0x2) “helpsvc”=2 (0x2) “FastUserSwitchingCompatibility”=3 (0x3) “Eventlog”=2 (0x2) “ERSvc”=2 (0x2) “CiSvc”=3 (0x3) “mnmsrvc”=3 (0x3) “iPod Service”=3 (0x3) “AVP”=3 (0x3) “Pml Driver HPZ12”=2 (0x2) “WZCSVC”=2 (0x2) “Themes”=2 (0x2) “srservice”=2 (0x2) “RDSessMgr”=3 (0x3) “RasMan”=3 (0x3) “RasAuto”=3 (0x3) “Irmon”=2 (0x2) “LmHosts”=2 (0x2) “WMPNetworkSvc”=3 (0x3) “wuauserv”=2 (0x2) “CPUCooLServer”=2 (0x2) “avast! Mail Scanner”=3 (0x3) Contents of the ‘Scheduled Tasks’ folder 2007-07-25 12:01:59 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-01 08:58:52 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-01 9:00:32 — E O F —
jessica
(jessica)
1 September 2007 09:21
#4
I don't see anything suspicious in this log.
And that Fix removed the relevant values in the registry keys.
While the removal at “appinit” was fully justified, for the remaining values I think it was unnecessary, because those key values were correct if someone has “Internet Explorer v. 7”.
But that's not my business…
jessi
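
An added example, not part of the thread or of Silent Runners: a Python check for the triage reply #4 describes, reading the AboutURLs entries that the report marks "HIJACK WARNING!" and separating values that point into `ieframe.dll` with an `[MS]` tag from values that need a closer look. The allowlist is an assumption taken from reply #4 and the posted log; the function name and the sample entries marked constructed are hypothetical.

```python
import re

# Assumption taken from reply #4 and the posted log: on an IE7 system the
# AboutURLs values point at resources inside ieframe.dll and carry the [MS] tag.
IE7_EXPECTED_DLLS = {"ieframe.dll"}

# One flagged entry: HIJACK WARNING! "Name" = "target" [publisher]
# Both straight and typographic quotes are accepted, as forum software converts them.
ENTRY_RE = re.compile(
    r'\s*HIJACK WARNING!\s*[“"]([^”"]+)[”"]\s*=\s*[“"]([^”"]+)[”"]\s*\[([^\]]*)\]'
)
RES_RE = re.compile(r'^res://([^/]+)/(.+)$', re.IGNORECASE)
SECTION = "\\AboutURLs\\"

# Sample in the flattened layout of the report above. The first two entries are
# copied from the posted log; the last two are constructed to show deviations.
SAMPLE_REPORT = (
    'HKLM\\Software\\Microsoft\\Internet Explorer\\AboutURLs\\ '
    'HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] '
    'HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS] '
    'HIJACK WARNING! "blank" = "http://search.example.invalid/home" [null data] '
    'HIJACK WARNING! "NavigationCanceled" = "res://helper32.dll/navcancl.htm" [null data] '
    'Running Services (Display Name, Service Name, Path {Service DLL}):'
)

def triage_abouturls(report, expected_dlls=IE7_EXPECTED_DLLS):
    """Return (name, target, verdict, reason) for each flagged AboutURLs value."""
    start = report.find(SECTION)
    if start < 0:
        return []
    pos = start + len(SECTION)
    results = []
    while True:
        m = ENTRY_RE.match(report, pos)  # entries must follow one another directly
        if m is None:
            break                        # next section of the report reached
        name, target, publisher = (g.strip() for g in m.groups())
        publisher = publisher.strip('“”"')
        res = RES_RE.match(target)
        if res is None:
            verdict, reason = "review", "target is not a res:// resource"
        elif res.group(1).lower() not in expected_dlls:
            verdict, reason = "review", "resource DLL %s is not expected" % res.group(1)
        elif publisher != "MS":
            verdict, reason = "review", "publisher tag is %r, not MS" % publisher
        else:
            verdict, reason = "expected", "resource inside " + res.group(1)
        results.append((name, target, verdict, reason))
        pos = m.end()
    return results

if __name__ == "__main__":
    for name, target, verdict, reason in triage_abouturls(SAMPLE_REPORT):
        print("%-8s %-20s %s (%s)" % (verdict, name, target, reason))
```
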
M_a_r_i_o
(Mario 89)
1 September 2007 16:15
#5
jessica
(jessica)
1 September 2007 22:10
#6
If you want, you can also, just in case, use SDFix.
Note: It can only be run in Safe Mode.
Show the Report.txt located in the SDFix folder.
jessi
M_a_r_i_o
(Mario 89)
2 September 2007 10:15
#7
There's nothing interesting in that log,
and my ping is even higher.