OlaStunia
(Olastunia)
24 October 2007 14:22
#1
Today, after I turned on the computer, a temp2.exe error appeared:
“Wystąpił problem z aplikacją temp2.exe i zostanie ona zamknięta…”
From what I have read, these are "some" leftovers from plugging in an infected pendrive… :? Please help...
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 16:06:10, on 2007-10-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\avast\instalki\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\avast\instalki\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
D:\instalki\Deamon tools\daemon.exe
C:\WINDOWS\system32\temp1.exe
D:\instalki\ZoneAlarm\zlclient.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\instalki\Mozilla\firefox.exe
C:\Documents and Settings\Ola\Pulpit\Programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [avast!] D:\avast\instalki\ashDisp.exe
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\instalki\Deamon tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [Odkurzacz-QC] D:\Odkurzacz\Odkurzacz\odk_qc.exe
O4 - Startup: Skrót do zonealarm.lnk = D:\instalki\ZoneAlarm\zonealarm.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{4953CE86-3902-4F51-B310-4EB58CF5195F}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{4953CE86-3902-4F51-B310-4EB58CF5195F}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast\instalki\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast\instalki\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\avast\instalki\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Silent Runners log:
“Silent Runners.vbs”, revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Odkurzacz-QC” = “D:\Odkurzacz\Odkurzacz\odk_qc.exe” [“Franmo Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“avast!” = “D:\avast\instalki\ashDisp.exe” [“ALWIL Software”]
“WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [“France Télécom R&D”]
“DAEMON Tools-1033” = ““D:\instalki\Deamon tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów”
-> {HKLM…CLSID} = “Eksplorator pulpitów”
\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{D9872D13-7651-4471-9EEE-F0A00218BEBB}” = “Multiscan”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “D:\instalki\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\avast\instalki\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
-> {HKLM…CLSID} = “WPDShServiceObj Class”
\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<> “load” = “C:\WINDOWS\svchost.exe” [empty string]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\avast\instalki\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “D:\instalki\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “D:\avast\instalki\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “D:\instalki\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoSharedDocuments” = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}
“NoInternetOpenWith” = (REG_DWORD) hex:0x00000001
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Ola\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Ola” & “All Users” startup folders:
-----------------------------------------------------

C:\Documents and Settings\Ola\Menu Start\Programy\Autostart
“Skrót do zonealarm” -> shortcut to: “D:\instalki\ZoneAlarm\zonealarm.exe” [“Zone Labs, LLC”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
“MenuText” = “@xpsp3res.dll ,-20001”
“Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
-> {HKLM…CLSID} = “Search Class”
\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! iAVS4 Control Service, aswUpdSv, ““D:\avast\instalki\aswUpdSv.exe”” [“ALWIL Software”]
NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = “hpzsnt05.dll” [“HP”]

---------- (launch time: 2007-10-24 16:14:31)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 44 seconds.
---------- (total run time: 201 seconds)
LostWorld
(LostWorld)
24 October 2007 14:34
#2
Yes, this is an infection from the pendrive; it should be formatted, but when you plug it in the infection will appear again.
Combofix should remove it.
A description of how to use ComboFix is on the linked page.
The log may be long, so save it somewhere, then paste it at http://wklej.org/ and post only the link here.
I don't know how this works in practice because I have never had such an infection, so…
I suggest the PRT program, available for download here:
http://www.searchengines.pl/index.php?s … ntry428224
Then the infection should be removed automatically, both from the plugged-in pendrive and from the disk, but as I already said, I have never had this infection, so my knowledge is limited to this advice.
jessica
(jessica)
24 October 2007 15:04
#4
Paste into Notepad:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e46f3c7-80c3-11dc-80af-000e50e7460f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b643feaa-427a-11dc-9125-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b643feab-427a-11dc-9125-806d6172696f}]
>> File >> Save as… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– similar to this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
Post that log for review.
jessi
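An added example, not part of jessica's post and not ComboFix code: Explorer caches the shell commands it reads from a volume's autorun.inf under that volume's `MountPoints2\{GUID}` subkey, the kind of subkey the script above deletes. The Python below parses a constructed `reg export` dump, lists the volumes that carry a cached command, and writes the matching `Registry::` block; the sample GUIDs, `example.exe` and the function names are assumptions.

```python
import re

# Constructed sample in the text form that `reg export` writes (assumed already
# decoded to str; the GUIDs and example.exe are made up for illustration).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell\open\command]
@="example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22222222-aaaa-bbbb-cccc-000000000002}]
"BaseClass"="Drive"
'''

# [<root>\MountPoints2\{volume GUID}<optional sub-path>]
KEY_RE = re.compile(
    r'^\[(?P<root>.+\\MountPoints2)\\(?P<vol>\{[0-9a-f-]{36}\})(?P<rest>\\.*)?\]$',
    re.I)
# Sub-path of a cached shell verb: \Shell\<verb>\command
CMD_RE = re.compile(r'\\shell\\[^\\]+\\command$', re.I)


def cached_commands(reg_text):
    """Map each volume key to the (verb sub-path, command line) pairs cached under it."""
    found = {}
    current = None  # (volume key, sub-path) while inside a ...\command section
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            current = None
            m = KEY_RE.match(line)
            if m and m.group('rest') and CMD_RE.search(m.group('rest')):
                volume_key = m.group('root') + '\\' + m.group('vol')
                current = (volume_key, m.group('rest').lstrip('\\'))
        elif current and line.startswith('@='):
            # Default value; .reg files escape each backslash as two.
            value = line[2:].strip('"').replace('\\\\', '\\')
            found.setdefault(current[0], []).append((current[1], value))
    return found


def cfscript(reg_text):
    """Build a Registry:: deletion block for every volume with a cached command."""
    keys = sorted(cached_commands(reg_text))
    if not keys:
        return ''
    return 'Registry::\n' + '\n'.join('[-%s]' % k for k in keys) + '\n'


if __name__ == '__main__':
    for key, cmds in cached_commands(SAMPLE_REG).items():
        print(key)
        for verb, command in cmds:
            print('   ', verb, '->', command)
    print(cfscript(SAMPLE_REG))
```

The second volume in the sample has no cached command, so it is left out of the generated block.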
OlaStunia
(Olastunia)
24 October 2007 15:29
#5
I did everything step by step, here is the log:
ComboFix 07-10-23.2 - Ola 2007-10-24 17:19:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.45 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 16:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 16:41
2007-10-24 15:51
2007-10-22 18:46 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-10-22 18:46 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-10-21 21:18
2007-10-21 21:14
2007-10-21 21:14
2007-10-20 18:41 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-18 18:55
2007-10-16 17:36
2007-10-16 17:35
2007-10-14 10:12
2007-10-14 10:11
2007-10-10 15:25
2007-10-10 15:25
2007-10-10 15:24
2007-10-10 15:22
2007-10-07 10:25
2007-10-07 10:25 71,539 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-09-30 00:11
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 12:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 14:40 --------- d-----w C:\Program Files\Winamp
2007-09-30 11:34 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2007-09-25 14:45 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
2007-09-22 17:47 --------- d-----w C:\Program Files\ReflexiveArcade
2007-09-22 12:10 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-09-21 21:17 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2007-09-13 19:37 --------- d-----w C:\Program Files\SkanerOnline
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 09:12 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-04 07:12 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Corel
2007-09-04 06:31 --------- d-----w C:\Program Files\Corel
2007-09-03 09:53 --------- d-----w C:\Program Files\Skype
2007-09-03 09:52 --------- d-----w C:\Program Files\Common Files\Skype
2007-08-05 00:11 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-08-05 00:11 12,288 ----a-w C:\WINDOWS\impborl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“D:\avast\instalki\ashDisp.exe” [2007-09-06 12:06]
“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07]
“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [2003-10-16 18:07]
“DAEMON Tools-1033”=“D:\instalki\Deamon tools\daemon.exe” [2004-08-22 17:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Odkurzacz-QC”=“D:\Odkurzacz\Odkurzacz\odk_qc.exe” [2007-05-03 10:01]

C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\
Skr˘t do zonealarm.lnk - D:\instalki\ZoneAlarm\zonealarm.exe [2007-08-04 17:34:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSharedDocuments”=1 (0x1)

R1 smdsp;smdsp;C:\WINDOWS\system32\drivers\smdsp.sys
S0 NVDual;NVDual;C:\WINDOWS\system32\DRIVERS\nvDual.sys
S1 smhw;smhw;C:\WINDOWS\system32\drivers\smhw.sys
S2 smsrl;smsrl;C:\WINDOWS\system32\drivers\smsrl.sys
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 17:22:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 17:23:26
C:\ComboFix2.txt … 2007-10-24 16:46
.
--- E O F ---
adam9870
(adam9870)
24 October 2007 15:57
#6
It's OK
Minor cosmetics:
Start => Run => msconfig => Startup tab => you can uncheck the above-mentioned.
I suggest removing the Neostrada access application and configuring the connection manually: http://forum.dobreprogramy.pl/viewtopic.php?t=91864
In addition, I suggest carrying out the basic steps for speeding up the system, such as: registry cleaning, disk defragmentation, registry defragmentation and removing unnecessary files. Also have a look at the topic XP - Optimization, slimming down.