Moj komputer rozsyła spam, zamieszczam log

Dzioorga · 28 Listopad 2007 21:40

Mam problem, moj komputer rozsyła spam, proszę o pomoc.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:17:58, on 2007-11-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\NB Probe\NBProbe.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Lexmark 5200 series\lxbtbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM…\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Lexmark 5200 series] “C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe” O4 - HKLM…\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU…\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se4009.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ … taller.exe O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So … b31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe – End of file - 10400 bytes

Gutek · 28 Listopad 2007 22:56

usuń wpis HJT

Daj log z ComboFix

Dzioorga · 29 Listopad 2007 11:18

wyrzuciłam tamten wpis, a tu log z combofix:

ComboFix 07-11-19.4C - user 2007-11-29 12:07:22.2 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.78 [GMT 1:00]

Running from: E:\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_ICF

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))

.

2007-11-28 22:17

2007-11-28 22:05

2007-11-28 22:04

2007-11-28 22:04 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-28 22:04 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-11-28 22:04 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-11-28 22:04 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-11-28 22:04 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-11-27 10:31 24,064 --a------ C:\WINDOWS\system32\icf.exe

2007-11-25 19:17

2007-11-15 17:34

2007-11-05 22:08

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-28 19:02 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Panasonic

2007-10-28 18:00 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Apple Computer

2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-20 21:27 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Super-Cow

2007-10-17 17:42 --------- d-----w C:\Program Files\Virtual Earth 3D

2007-10-04 19:41 --------- d-----w C:\Program Files\Microsoft Works

2007-10-04 19:40 --------- d-----w C:\Program Files\Microsoft.NET

2007-10-04 19:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-07-03 14:31 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2007-04-07 16:36 61,194 ----a-w C:\Program Files\setuplog.txt

.

((((((((((((((((((((((((((((( snapshot@2007-11-29_11.59.24.93 )))))))))))))))))))))))))))))))))))))))))

.

2007-11-29 11:04:18 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00]

“OM_Monitor”=“C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe” [2006-05-16 17:51]

“updateMgr”=“c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HControl”=“C:\WINDOWS\ATK0100\HControl.exe” [2005-07-28 09:29]

“RemoteControl”=“C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe” [2004-11-02 20:24]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]

“SoundMAXPnP”=“C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe” [2004-10-14 10:11]

“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2004-09-23 13:41]

“ASUS Live Update”=“C:\Program Files\ASUS\ASUS Live Update\ALU.exe” [2003-09-19 12:54]

“NB Probe”=“C:\Program Files\ASUS\NB Probe\NBProbe.exe” [2005-07-27 17:07]

“Power_Gear”=“C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe” [2005-06-16 15:48]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-05-11 09:03]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-31 21:05]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06]

“OM_Monitor”=“C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe” [2006-05-16 17:50]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-04-06 21:18]

“Lexmark 5200 series”=“C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe” [2004-02-24 19:15]

“LXBTCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll” [2004-02-23 15:47]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-07-03 09:26]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00]

C:\Documents and Settings\user\Menu Start\Programy\Autostart\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-03-27 16:28:12]

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-28 15:25:20]

AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-12 15:06:52]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

R2 ghaio;ghaio;??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys

R3 ASNDIS5;ASNDIS5 Protocol Driver;??\C:\WINDOWS\system32\ASNDIS5.SYS

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys

S3 Asushwio;Asushwio;??\C:\WINDOWS\system32\drivers\Asushwio.sys

S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 ZDCndis5;ZDCndis5 Protocol Driver;??\C:\WINDOWS\system32\ZDCndis5.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2302f176-20b6-11db-a40f-0017311fa8f6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2980c5c2-878b-11dc-a608-0017311fa8f6}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a7dbfd6c-09f3-11dc-a529-0017311fa8f6}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d0de0aea-1d83-11dc-a55d-0017311fa8f6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d0de0aec-1d83-11dc-a55d-0017311fa8f6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e94742a0-fc7b-11db-a51a-0017311fa8f6}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-29 12:10:49

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-29 12:11:25

.

— E O F —

Gutek · 29 Listopad 2007 22:48

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Dzioorga · 30 Listopad 2007 08:27

Teraz wszystko jest ok. Bardzo dziekuję za pomoc!