Nie mozna znalesc pliku...,nie otwieraja sie zdjcia itp

trelemorele18 · 30 Czerwiec 2007 22:04

Logfile of HijackThis v1.99.1 Scan saved at 00:03:33, on 2007-07-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Video ActiveX Access\iesmn.exe C:\Program Files\Video ActiveX Access\imsmain.exe C:\Program Files\Video ActiveX Access\iesmin.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\mateo\USTAWI~1\Temp\Rar$EX00.375\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{D22403B2-D219-4FEF-98C8-E9CE43316C7B}: NameServer = 10.0.0.2 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “user32.dll” = “C:\Program Files\Video ActiveX Access\iesmn.exe” [null data] “rare” = “C:\Program Files\Video ActiveX Access\imsmain.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“GRISOFT s.r.o.”] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {184746EC-9E9D-4C7D-B9E7-9039EBD801A9}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Video ActiveX Access\iesplg.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> “{94524218-9af3-4643-9687-cbc2880e54da}” = “fagging” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nuqjici.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\mateo\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}” -> {HKLM…CLSID} = “Protection Bar” \InProcServer32(Default) = “C:\Program Files\Video ActiveX Access\iesbpl.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}” = (no title provided) -> {HKLM…CLSID} = “Protection Bar” \InProcServer32(Default) = “C:\Program Files\Video ActiveX Access\iesbpl.dll” [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}(Default) = “Protection Bar” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Video ActiveX Access\iesbpl.dll” [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 38 seconds, including 2 seconds for message boxes)

Agaton · 1 Lipiec 2007 04:59

trelemorele18

Ważny komunikat dotyczący tytułowania tematów

Przedstaw powód założenia tematu - tytuł “trojan” niewiele tu mówi.

Opisz problem zgodnie z cytowanym zaleceniem - w przeciwnym wypadku temat może zaliczyć Kosz.

system · 1 Lipiec 2007 07:21

W trybie awaryjnym zastosuj narzędzie SmitFraudFix w opcji 2.

Wklejasz nowe logi + log z SmitFraudFix.

trelemorele18 · 4 Lipiec 2007 23:07

jak moge bardziej opisac … po prostu mam trojana i miesa mi w kompie ni jak go uunac nie moge, teraz nie mam pulpitu i nie moge oworzyc zadnego zdjecia, przy tarcie systemu niektore programy otwieraja mi sie podwojnie np gg. Co mam robic ? wkleic jakies logi ?

aha jeszcze jak wlaczam kompa to mi pisze ze nie moze znalesc jakis tam plików :?

qrczak13 · 4 Lipiec 2007 23:26

Po wykonaniu w/w daj log z ComboFix oraz zawartość pliku c:\rapport.txt.

asterisk · 4 Lipiec 2007 23:27

Jakich plików

BTW

Byłeś o coś proszony:x

trelemorele18 · 5 Lipiec 2007 07:04

"system windows ni moze odnalesc pliku “’ (i tu sa takie cztery kwadraciki’”

“Nie mozna załadowac lub uruchomic w rejestrze pliku “te cztery kwadraciki” Upewnij sie ze plik istnieje na tym komp badz usun odwołanie do niego w rejestrze” to sa komunikatyz pulpitu wyskakuje jeszcze jeden ale zazwy tego pliku nie potrafie przepisać jest tam mnostwo tych kwadracików i jakis dziwnych znaczkow tylko tym razem to nie jest raport z pulpitu.

“mateo” - 2007-07-05 8:57:28 - ComboFix 07-07-04.4 - Dodatek Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\DANEAP~1.\TEMP ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 ))))))))))))))))))))))))))))))) 2007-07-05 08:50 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-05 08:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-05 08:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-05 00:30 42,743 --a------ C:\WINDOWS\mssadv.dll 2007-07-01 15:52 450 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-20 21:01 2007-06-18 21:53 2007-06-18 21:52 2007-06-18 21:52 2007-06-18 15:20 2007-06-18 15:19 2007-06-18 15:19 2007-06-17 13:27 2007-06-17 13:27 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:25 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2007-06-17 13:25 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2007-06-17 13:25 2007-06-17 13:25 2007-06-15 14:54 2007-06-14 23:20 2007-06-14 23:17 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll 2007-06-14 23:17 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll 2007-06-14 23:17 38,912 -ra------ C:\WINDOWS\system32\picn20.dll 2007-06-14 23:17 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-14 23:17 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-14 23:17 2007-06-14 23:17 2007-06-13 18:46 2007-06-12 22:18 2007-06-12 22:18 2007-06-12 18:32 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-06-12 18:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-06-12 18:32 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-06-12 18:31 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-06-12 18:31 524,567 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-06-12 18:31 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-06-12 18:31 385,152 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-12 18:31 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-06-12 18:31 215,040 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-06-12 18:31 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-06-12 18:31 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-06-12 18:29 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-06-12 18:29 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-06-12 18:29 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-06-12 18:29 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-06-12 18:29 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-06-12 18:29 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-06-12 18:29 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-06-12 18:29 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-06-12 18:29 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-06-12 18:29 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-06-12 18:29 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-06-12 18:29 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-06-12 18:29 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-06-12 18:29 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-06-12 18:29 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-06-12 18:29 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-06-12 18:29 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-12 18:29 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-06-12 18:29 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-06-12 18:29 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-06-12 18:29 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-06-12 18:29 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-12 18:29 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-06-12 18:29 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-06-12 18:29 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-06-12 18:29 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-12 14:47:19 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-12 14:47:19 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-12 14:40:30 -------- d-----w C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-14 18:54] “mssadv.exe”="?" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “mssadv.exe”="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA] atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-05 08:58:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-05 8:58:44 — E O F —

macie jeszcze to moze sie pzyda

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “mssadv.exe” = “(empty string)” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“GRISOFT s.r.o.”] “mssadv.exe” = “***” (unwritable string) [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 28 seconds, including 2 seconds for message boxes)

Gutek · 5 Lipiec 2007 10:05

Ściągnij The Avenger,

wypakuj > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Po wklejeniu > Done > klik na zielone światło > ok i restart. Po restarcie wchodzisz do The Avenger i wklejasz raport C:\avenger.txt

trelemorele18 · 5 Lipiec 2007 12:04

wyskoczył mi taki bład : “syntax error in line - does not appear to be a valid registry path. Line will be ignored”

////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line — does not appear to be a valid registry path. Line will be ignored. Error code: 1813 Line: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | "mssadv.exe ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\gsmrbtwq ******************* Script file located at: ??\C:\WINDOWS\system32\fmkxgcpq.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\mssadv.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mssadv.exe deleted successfully. Completed script processing. ******************* Finished! Terminate.

Gutek · 5 Lipiec 2007 15:54

Daj nowy log z Combofix-a

trelemorele18 · 5 Lipiec 2007 16:02

“mateo” - 2007-07-05 17:59:49 - ComboFix 07-07-04.4 - Dodatek Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 ))))))))))))))))))))))))))))))) 2007-07-05 08:50 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-05 08:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-05 08:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-01 15:52 450 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-20 21:01 2007-06-18 21:53 2007-06-18 21:52 2007-06-18 21:52 2007-06-18 15:20 2007-06-18 15:19 2007-06-18 15:19 2007-06-17 13:27 2007-06-17 13:27 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:26 2007-06-17 13:25 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys 2007-06-17 13:25 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys 2007-06-17 13:25 2007-06-17 13:25 2007-06-15 14:54 2007-06-14 23:20 2007-06-14 23:17 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll 2007-06-14 23:17 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll 2007-06-14 23:17 38,912 -ra------ C:\WINDOWS\system32\picn20.dll 2007-06-14 23:17 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-14 23:17 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-14 23:17 2007-06-14 23:17 2007-06-13 18:46 2007-06-12 22:18 2007-06-12 22:18 2007-06-12 18:32 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-06-12 18:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-06-12 18:32 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-06-12 18:31 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-06-12 18:31 524,567 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-06-12 18:31 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-06-12 18:31 385,152 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-12 18:31 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-06-12 18:31 215,040 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-06-12 18:31 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-06-12 18:31 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-06-12 18:29 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-06-12 18:29 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-06-12 18:29 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-06-12 18:29 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-06-12 18:29 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-06-12 18:29 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-06-12 18:29 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-06-12 18:29 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-06-12 18:29 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-06-12 18:29 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-06-12 18:29 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-06-12 18:29 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-06-12 18:29 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-06-12 18:29 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-06-12 18:29 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-06-12 18:29 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-06-12 18:29 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-06-12 18:29 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-06-12 18:29 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-06-12 18:29 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-12 18:29 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-06-12 18:29 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-06-12 18:29 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-06-12 18:29 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-06-12 18:29 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-12 18:29 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-06-12 18:29 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-06-12 18:29 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-06-12 18:29 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 2007-06-12 18:29 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-12 14:47:19 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-12 14:47:19 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-12 14:40:30 -------- d-----w C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-14 18:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “mssadv.exe”="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA] atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-05 18:00:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-05 18:01:20 C:\ComboFix2.txt … 2007-07-05 08:58 — E O F —

Gutek · 5 Lipiec 2007 16:17

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Dokończyć skanerami online - Skanery do wyboru

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

trelemorele18 · 5 Lipiec 2007 17:20

wszystko wyczysciłem tempy itd przekanowałem kompa-czysty ale nadal nie działa mi Podgląd obrazów i faksów systemu Win. Nie moge otworzyc zadnego pliku jpg.

aaa jak wybrałem na slepo jakis pulpit to wokol ikonek mam niebieskie otoczki :shock:

qrczak13 · 5 Lipiec 2007 21:33

Spróbuj:

Narzędzia > opcje > typy plików > szukasz jpg > podświetlasz > zmień > i wybierz podgląd obrazów…

prawym na mój komp > właściwości > zaawansowane > wydajność > ustawienia > efekty wizualne > zaznacz użyj cieni dla etykiet ikon pulpitu