Logfile of HijackThis v1.99.1
Scan saved at 20:54:05, on 2006-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151186987468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151187154984
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54FEF28-13DF-427A-9E3A-3B8D52C8D44B}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Usługa Norton Protection Center (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
Ściągnij Gmer’a, Przejdź do zakładki cmd i wklej:
w zakładce procesy wybierz opcje zabij wszystko, wybierz Pliki, przejdź do folderu C:\windows\system32 , znajdź _zskwrkni05wsvyicdp^lhwzwp.exe** i **\_zskwrkni05wsvyicdp^lhwzw
p.dll
, podświetl i wybierz usuń.
W cmd wybierz uruchom, w procesy wybierz 3 kropki, uruchom hijackthis i skasuj wpisy:
Restart i Daj log z Gmer’a, ściągnij>>>uruchom>>>przejdź do zakładki “rootkit”>>>wybierz “szukaj”>>>czekaż cierpliwie aż program zakończy prace>>>klikasz “kopiuj”>>>ctrl + v i wklej do posta. + silent runners
Następny problem po uruchomieniu "Gmer"a resetuje się komputer czyli nie mogę zrobić loga
Kiedy Gmer się resetuje ?? Jak robisz loga czy zaraz po uruchomieniu ?? Czy może przy wybraniu opcji ZABIJ WSZYSTKO ??
wczoraj przy robieniu loga prawie pod konirc restart przed chwilą zaraz po uruchomieni restart następne uruchomienie wkleiłem cytat i zabij wszystko i tu kompa nie mogłem zrestartować uzyłem przycisku na jednostce Po uruchomieni bedąc w folderze system 32 znów restart i nie zdążyłem usuną próbuję jeszcze raz
Rozumiem że plików też nie udało się usunąć.
Wpisz w uruchom
Następnie ściągnij killbox http://www.downloads.subratam.org/KillBox.zip Zaznaczasz opcję Delete on reboot + ALL FILES następnie w polu Full Path of File to Delete wklej ścieżki
c:\windows\system32_zskwrkni05wsvyicdp^lhwzw`p.exe
c:\windows\system32_zskwrkni05wsvyicdp^lhwzw`p.dll
C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
Następnie x- czerwony i restart kompa-dopiero dasz potwierdzenie jak wkleisz ostanią ścieżke pliku
Po wszystki nowe logi Hijackthis silent runners(info w przyklejonych) i dodatkowo wrzuć loga z programu L2Mfix Zrobionego z opcji nr 1. Chce coś sprawdzić czy ten rootkit nie ładuje się w winlogon
do tej pory udało mi sie usunąc te pliki po 2 restartach i nie wiem jak w procesach wybrać 3kropki
No usuwaj wpisy też
To usunołeś ??
Po wszystkim nowe logi i tego dodatkowo L2Mfix co napisałem wyżej
tak usunołem ten cytat zatrzymałem się na tych 3 kropkach jak to zrobić sory jestem laikem
Jeśli usunołeś pliki zostaw już te rzy kropki wklej nowe logi to zobaczymy. Te wpisy możesz usunąć w programie hijackthis poleceniem fixchecked. Info na temat usuwania wpisów w hijackthis w przyklejonych
problem z logiem z Gmera reset pod koniec pracy probuję jeszcze raz
Zostało
Narazie log z gmera zostaw. Miałes wkleic loga jeszcze z programu silent runners i L2Mfix
Nie wiem czy fix-y zadziałają więc przejdz do klucza i usuwaj ręcznie
Wpisz w uruchom regedit i ok
i usuń z prawokliku myszki
Następny
i usuń z prawokliku myszki
Następny jak już to wal i tego
Do usuwania zobacz czy pójdzie killboxem te pliki
c:\windows\system32_zskwrkni05wsvyicdp^lhwzw`p.exe
c:\windows\system32_zskwrkni05wsvyicdp^lhwzw`p.dll
No i wklej wreście tego loga z programu L2Mfix
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_newreg]
"DllName"="C:\\Documents and Settings\\All Users\\Dokumenty\\Settings\\artm_new.dll"
"Startup"="artm_newreg"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"Neostrada TP 6.1"="IEAKFT"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta waciwoci pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ZarzĄdzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeä NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona waciwoci OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wywietlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania wywietlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeä usugi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodnoci"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsugi danych wycinkowych powoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ZarzĄdzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ZarzĄdzanie drukarkĄ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powoki dla kompresji plik˘w"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Akt˘wka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeä drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powoki dla udost©pniania zasob˘w"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="PoĄczenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="PoĄczenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Skanery i aparaty fotograficzne"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozszerzenia powoki dla hosta skrypt˘w systemu Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zaplanowane zadania"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Pasek zadaä i menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Wyszukaj"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Pomoc i obsuga techniczna"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uruchom..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Czcionki"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Narz©dzia administracyjne"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Strona waciwoci Poprzednie wersje"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Poprzednie wersje"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Pasek narz©dzi programu Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stan pobierania"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Folder powoki zwi©kszonej"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Folder powoki zwi©kszonej 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Pasek przeglĄdarki Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Pasek wyszukiwania"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Wyszukiwanie w okienku"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Wyszukiwanie w sieci Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Narz©dzie opcji drzewa rejestru"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Pole edycji adresu"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autouzupenianie Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="Wyodr©bnianie obraz˘w Trident"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autouzupeniania MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Niestandardowa lista autouzupeniania MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Dost©pny"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pasek podr©czny ledzenia"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autouzupeniania historii Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autouzupeniania folderu powoki Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontener wielu list autouzupeniania Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu witryny paska powoki"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Pasek pulpitu powoki"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Pomoc dla uľytkownika"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globalne ustawienia folder˘w"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tymczasowe pliki internetowe"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Ekran powitalny pakietu IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pasek eksploratora"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Folder pami©ci podr©cznej ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Folder subskrypcji"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Menedľer aplikacji powoki"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Wyliczanie zainstalowanych aplikacji"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publikator aplikacji Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+program wyodr©bniajĄcy miniatury plik˘w"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informacje podsumowujĄce obsugi miniatur (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Wyodr©bnianie miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Kreator publikacji w sieci Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Zamawianie odbitek w sieci Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Obiekt powoki kreatora publikacji"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Kreator uzyskiwania profilu usugi Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Konta uľytkownik˘w"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Plik kanau"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Skr˘t kanau"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Obiekt obsugi kanau"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Folder plik˘w trybu offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Do os˘b..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Foldery w sieci Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Folder przesyania Share-to-Web"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Ok nie ma rootkita w wpisach winlogon jest tylko to co ci napisałem że masz usunąć w rejestrze
Zobacz tym killboxem czy pójdą pliki i usun to co napisałem z rejestru.
Po usuwaniu nowe log hijackthis silent i Szczególnie Gmer z zakładki rootkit oprócz oczywiście L2MFIX .
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run pomyłkowo usunołem cały RUN i tak samo w
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
co robić
Złączono Posta : 11.07.2006 (Wto) 23:55
Logfile of HijackThis v1.99.1
Scan saved at 23:56:47, on 2006-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\gmer.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKLM\..\RunServices: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKCU\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151186987468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151187154984
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54FEF28-13DF-427A-9E3A-3B8D52C8D44B}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Usługa Norton Protection Center (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"˙_zskp`wzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"˙_zskp`wzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Folder przesyłania Share-to-Web"
-> {HKLM...CLSID} = "Folder przesyłania Share-to-Web"
\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop"=dword:00000001
[disables Active Desktop; removes Web tab from Display Properties|
Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Disable Active Desktop}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop disabled via Group Policy.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]
Dalej siedzi czy użyłes killboxa ?? Bo jak tak to muismy zrobić inne usuwanie
Co do rejestru zobacz ten TEMAT
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-12 00:05:33
Windows 5.1.2600 Dodatek Service Pack 2
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 84022008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 84022008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 84022008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84034F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84034F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 84034F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 84034F00
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_NAMED_PIPE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLOSEIRP_MJ_READ 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_WRITE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_EA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_EA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FLUSH_BUFFERS 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_VOLUME_INFORMATION 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DIRECTORY_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SHUTDOWN 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_LOCK_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLEANUP 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_MAILSLOT 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_SECURITY 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_SECURITY 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_POWER 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SYSTEM_CONTROL 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CHANGE 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_QUOTA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_QUOTA 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP 8400E008
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP_POWER 8400E008
---- Processes - GMER 1.0.10 ----
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe [152] 0x00EA0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\csrss.exe [524] 0x01110000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [548] 0x01360000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\services.exe [592] 0x00A60000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\lsass.exe [604] 0x00B40000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [760] 0x00A30000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [808] 0x00B80000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\System32\svchost.exe [844] 0x013C0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [912] 0x00990000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [968] 0x00710000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\spoolsv.exe [1044] 0x01010000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1168] 0x003E0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1180] 0x017A0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Spyware Doctor\sdhelp.exe [1272] 0x00E70000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [1336] 0x00AE0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\wdfmgr.exe [1352] 0x006B0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\Explorer.EXE [1656] 0x00F90000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\VTTimer.exe [1884] 0x003E0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\PROGRA~1\NEOSTR~1\CnxMon.exe [1896] 0x003F0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [1904] 0x00D60000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [1924] 0x00F30000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [1952] 0x003F0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [1960] 0x01400000 <-- ROOTKIT !
Process C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) 1992 <-- ROOTKIT !
Library C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [1992] 0x00400000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [1992] 0x10000000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe [1996] 0x01030000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\QuickTime\qttask.exe [2016] 0x00D10000 <-- ROOTKIT !
Process C:\WINDOWS\SYSTEM32\findstr.exe ( ***hidden*** ) 3292 <-- ROOTKIT !
Process C:\WINDOWS\system32\cmd.exe ( ***hidden*** ) 3484 <-- ROOTKIT !
Process cmd.exe ( ***hidden*** ) 3968 <-- ROOTKIT !
---- Modules - GMER 1.0.10 ----
Module _________ F745F000
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\USER\S-1-5-21-789336058-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File C:\WINDOWS\system32\_zskwrkni05S`MR[IPV_G`[`KXL.dll
File C:\WINDOWS\system32\_zskwrkni05S`MR[IPV_G`[`KXL.exe
File C:\WINDOWS\system32\_zskwrkni05WSVYICDP^LHWZW`P.dll
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
---- EOF - GMER 1.0.10 ----
[/code]
[color=darkblue][size=75]Złączono Posta: 12.07.2006 (Sro) 0:08[/size][/color]
wpis w" winlogon :usunołem ato"Zobacz tym killboxem czy pójdą pliki i usun to co napisałem z rejestru. "jakie pliki mam tym killboxem usunąć?a z rejestru usunołem ceły run
Ok zrób tak. Bedziesz miał 2 metody jeśli gmer zawiedzie
Wchodzisz do Gmer-a i w zakładce cmd wlejasz
wybierasz regedit i wklejasz
Następnie przechodzisz do funckji zabij wszystko potem z powrotem do cmd i dla każdego z osobna cmd i regedit wybierasz uruchom. restart kompa
Metoda druga to konsola zobacz jak uruchomić KONSOLĘ
Te same komendy wpisujesz w konsoli tylko przed tym zrób fix.
Otwórz notatnik i wklej w nim to
Następnie plik zapisz jako , Zmień rozszerzenie z TXT na Wszystkie pliki i pod nazwą fix.reg. Po usuwaniu plików w konsoli przechodziśz do trybu awaryjnego i urucho plik fiz.reg.
Po wszystkim nowe logi do kontroli mam nadzieje że pójdzie.
EDIT Miałeś zobaczyś czy usuniesz pliki killboxem podałem ci ścieżke i sposób usuwania.
Współpracuj zemną i czytaj co pisze bo będzie to najdłuższy temt w historii DD. To jest ciężki syf i pomagaj mi to usuwać odpawiadając na to co pisze