Pojawił się folder AskPBar

emil_777 · 9 Lipiec 2007 16:07

Mam nietypowy’ problem:

>> włączam program ‘steam’ ,aby pograć sobie online w cs’a (counter-strike) -pewnie dla większości znana gra- próbuje wejść na jakiś server i wtedy wyskakuje ,że norton wykrył virusa. Ok. Zrobiłem full skana ,wirusa wykryło… wszystko ok. Włączam znowu steam’a wbijam na serva i znowu to samo!! … i tak w kółko do z kończenia świata. Nie wiem co robić bo boje sie ,że jak zrobie formata to nie pomorze… … …

popula · 9 Lipiec 2007 16:17

Na początek przeskanuj on-line EWIDO, a po skanie daj loga z HijackThis i Silent Runners.

Gutek · 9 Lipiec 2007 17:15

Daj logi z HJT + Silent - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

emil_777 · 9 Lipiec 2007 21:00

A oto i on:

Logfile of HijackThis v1.99.1 Scan saved at 22:57:14, on 2007-07-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ATK0100\ATKOSD.exe c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe D:\PROGRAMY\DANE\Expressivo\expressivo.exe C:\Program Files\Messenger\msmsgs.exe D:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://reviews.speedbit.com/Context/Alt … 9obl9EZWVy ZV9BbWVyaWNhbl9GYXJtZXJfRGVsdXhlLnBhcnQxLnJhcg==&U=aHR0cDovL3JzMTM 1dGcucmFwaWRzaGFyZS5jb20vZmlsZXMvMjk5NjcyMTUvOTUzNDk5L0pvaG5fRGVlcm VfQW1lcmljYW5fRmFybWVyX0RlbHV4ZS5wYXJ0MS5yYXI=&RF=cnMxMzV0Zy5yYXBpZH NoYXJlLmNvbQ==&L=4294967295&LH=4294967295&K=2&INC=5&R=0&V=8.5.5.7&LNG= 1045&PCX=700&PCY=600&HCS=&FCS=None&Ref=2&Aff=NONE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\PROGRAMY\DANE\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\PROGRAMY\DANE\Expressivo\IH_iexplore.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\PROGRAMY\DANE\MegaIEMn.dll (file missing) O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\PROGRAMY\DANE\Expressivo\IH_iexplore.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [internetCalls] “D:\PROGRAMY\DANE\InternetCalls\internetcalls.exe” -nosplash -minimized O4 - HKCU…\Run: [steam] C:\Program Files\Steam\Steam.exe -silent O8 - Extra context menu item: &Download by Orbit - res://D:\PROGRAMY\DANE\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://D:\PROGRAMY\DANE\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\PROGRAMY\DANE\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://D:\PROGRAMY\DANE\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/active … rdtinf.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8401252140 O17 - HKLM\System\CCS\Services\Tcpip…{AD15B8B4-2E82-4781-8723-4F2D08DCC6F7}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRAMY\DANE\DAP\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

Gutek · 9 Lipiec 2007 21:54

C:\Program Files\AskPBar usuń folder ręcznie

Daj log z Combofix

emil_777 · 11 Lipiec 2007 11:05

… ‘ręcznie’ w sensie usunąć wpis przy pomocą HJT ,czy usunąć folder //ppm>usuń// ??

Joan · 11 Lipiec 2007 13:12

usuń folder z dysku

emil_777 · 11 Lipiec 2007 14:23

nie da sie usunąć, w procesach nic niema /chyba/ w msconfig też patrzyłem i nic nie znalazłem…

emil_777 · 11 Lipiec 2007 15:55

…a o to log z Combofix:

“emil2” - 2007-07-10 23:15:26 - ComboFix 07-07-10.1 - Dodatek Service Pack 2 FAT32 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32_000006_.tmp.dll C:\WINDOWS\system32_000007_.tmp.dll C:\WINDOWS\system32_000008_.tmp.dll C:\WINDOWS\system32_000009_.tmp.dll C:\WINDOWS\system32_000012_.tmp.dll ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 ))))))))))))))))))))))))))))))) 2007-07-10 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-09 16:41 2007-07-08 14:58 2007-07-07 12:22 2007-07-05 21:33 2007-07-05 18:31 2007-07-01 16:13 2007-06-30 20:51 2007-06-28 16:54 2007-06-28 16:50 2007-06-28 16:43 2007-06-28 16:43 2007-06-28 16:43 2007-06-28 13:48 2007-06-28 13:48 2007-06-28 13:39 2007-06-28 13:10 2007-06-28 12:51 2007-06-28 12:12 2007-06-28 11:57 2,621,440 --a------ C:\DOCUME~1\ekil2\ntuser.dat 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-28 11:57 2007-06-27 23:00 2007-06-27 23:00 2007-06-26 22:26 4,747,264 --a------ C:\DOCUME~1\Emil\ntuser.dat 2007-06-25 16:26 2007-06-22 20:26 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS 2007-06-20 22:38 2007-06-20 17:02 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-06-19 18:44 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-06-19 18:44 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-06-19 18:44 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-06-19 18:44 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-06-19 18:44 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-06-19 18:44 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-06-19 18:44 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-06-19 18:44 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-06-19 18:44 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-06-19 18:44 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-06-19 18:44 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-06-19 18:44 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-06-19 18:44 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-06-19 18:44 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-06-19 18:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-06-19 18:44 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-06-19 18:44 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-06-19 18:44 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-06-19 18:44 143,360 --a------ C:\WINDOWS\adiras.exe 2007-06-19 18:44 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-06-19 18:44 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-06-19 18:44 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-06-19 18:44 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-06-19 18:44 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-06-19 18:44 2007-06-18 19:29 2007-06-14 22:04 2007-06-13 21:44 2007-06-13 21:44 2007-06-13 21:44 2007-06-13 21:02 110,080 --a------ C:\WINDOWS\system32\Orbitron.scr 2007-06-13 20:28 2007-06-13 20:22 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-06-13 20:22 2007-06-13 19:35 23 --ahs---- C:\WINDOWS\system32\fddcccfec7_r.dll 2007-06-10 17:17 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-16 10:40:30 1,346 ----a-w C:\WINDOWS\mozver.dat 2007-06-15 20:27:28 75,904 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-15 20:27:28 451,802 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-08 20:30:26 -------- d-----w C:\Program Files\MUGEN 2007-06-01 10:18:10 -------- d-----w C:\Program Files\QuickTime 2007-05-30 20:05:38 -------- d-----w C:\Program Files\Common Files\GTK 2007-05-26 14:16:56 0 ----a-w C:\WINDOWS\system32\UTSCSI.EXE 2007-05-18 17:17:02 -------- d-----w C:\Program Files\NovaLogic 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-12 21:44:50 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-05-10 16:09:06 21,504 ----a-w C:\WINDOWS\jestertb.dll 2007-05-10 15:22:40 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-05-09 18:53:50 770,048 ----a-w C:\WINDOWS\3D World Map.scr 2007-05-06 15:01:14 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-05 22:22:00 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-02 14:45:34 546 ----a-w C:\WINDOWS\system32\ABA6F.DAT 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{000123B4-9B42-4900-B3F7-F4B073EFC214}] 2007-06-18 13:33 122880 --a------ D:\PROGRAMY\DANE\Orbitdownloader\orbitcth.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 01:56 63136 --a------ c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{85F685C3-20D9-4943-95E4-EB4224056C3F}] 2007-01-23 14:29 102400 --a------ D:\PROGRAMY\DANE\Expressivo\IH_iexplore.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{9ECB9560-04F9-4bbc-943D-298DDF1699E1}] 2005-10-22 20:29 94336 --a------ c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}] 2007-05-23 12:13 140912 --a------ c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-05-06 15:34 2415680 -ra------ c:\program files\google\googletoolbar1.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 2007-05-06 21:45 324536 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}] D:\PROGRAMY\DANE\MegaIEMn.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{F4D76F01-7896-458a-890F-E1F05C46069F}] 2007-06-13 20:28 241664 --a------ C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Alcmtr”=“ALCMTR.EXE” [2005-05-03 06:43 C:\WINDOWS\Alcmtr.exe] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-10-21 02:26] “ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-22 22:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “Gadu-Gadu”=“D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ASUS ChkMail.lnk backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emil^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Emil\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Expressivo] “D:\PROGRAMY\DANE\Expressivo\expressivo.exe” -t [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls] “D:\PROGRAMY\DANE\InternetCalls\internetcalls.exe” -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer] D:\PROGRAMY\DANE\DAP\SPEEDO~1\SPO.EXE -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online] “D:\GRY\MINI\VS Online\VSOnline.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] D:\PROGRAMY\DANE\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “gusvc”=3 (0x3) “GoogleDesktopManager”=3 (0x3) “Adobe LM Service”=3 (0x3) “S24EventMonitor”=2 (0x2) “RegSrvc”=2 (0x2) “iPod Service”=3 (0x3) “EvtEng”=2 (0x2) *Newly Created Service* - COMHOST Contents of the ‘Scheduled Tasks’ folder 2007-07-06 18:00:02 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Emil.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 23:17:12 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-10 23:17:44 C:\ComboFix-quarantined-files.txt … 2007-07-10 23:17 — E O F —

Gutek · 11 Lipiec 2007 16:56

Skan AVG Anti-Spyware 7.5 po update + RAPORT

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

emil_777 · 11 Lipiec 2007 18:57

Już czyściłem rejestr… pewnie to coś z tym AskPBar bo w procesach nic nie ma ,a usunąć sie nie chce … może ,któreś wpisy po usuwać ,albo coś w tym temacie…/?!?/ przypominam ,że wirus sie aktywuje dopiero wtedy jak sie łącze z jakimś serwerem… CZY KTOŚ MOŻE MI POMÓC ??

Gutek · 11 Lipiec 2007 19:06

Pobierz program SDFix

emil_777 · 13 Lipiec 2007 19:39

/trochę mnie nie było…/

…

Ciekawostka: nie mogę wejść w tryb awaryjny.

…

Opis: po wybraniu opcji tryb awaryjny >…> czarny ekran i migający kursor w lewym górnym rogu.

…

Rozwiązanie : _

Joan · 13 Lipiec 2007 21:50

KLIK

emil_777 · 3 Sierpień 2007 18:26

zrobiłem skana sdfix’em /udało mi sie/ i cos wykryło… usuneło i wreście moge sobie pograć 8)

adam9870 · 3 Sierpień 2007 19:03

Dla pewności proszę wkleić nowy log z ComboFix.

emil_777 · 4 Sierpień 2007 12:21

Oto i on:

“ekil2” - 2007-08-03 20:05:55 - ComboFix 07-07-10.1 - Dodatek Service Pack 2 FAT32 ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 ))))))))))))))))))))))))))))))) 2007-08-03 15:31 2007-08-03 14:15 2007-08-03 09:45 2007-08-02 11:32 2007-08-02 11:13 2007-08-02 11:11 2007-08-02 11:11 2007-08-01 21:27 2007-07-30 20:19 2007-07-30 20:17 2007-07-30 19:37 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-07-30 14:20 2007-07-30 14:18 545 --a------ C:\WINDOWS\UC.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\RAR.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\LHA.PIF 2007-07-30 14:18 545 --a------ C:\WINDOWS\ARJ.PIF 2007-07-19 19:09 2007-07-17 13:01 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-07-17 13:01 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-17 13:01 654,848 --a------ C:\WINDOWS\system32\x264vfw.dll 2007-07-17 13:01 639,066 --a------ C:\WINDOWS\system32\divx.dll 2007-07-17 13:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll 2007-07-17 13:01 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll 2007-07-17 13:01 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll 2007-07-17 13:01 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-17 13:01 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-07-17 13:01 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll 2007-07-17 13:01 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-17 13:01 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-17 13:01 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-07-17 13:01 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll 2007-07-17 13:01 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-07-17 13:01 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-17 13:00 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-07-10 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-09 16:41 2007-07-08 14:58 2007-07-07 12:22 2007-07-05 21:33 2007-07-05 18:31 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-01 19:27:30 -------- d-----w C:\Program Files\Tajemnice umysłu 2007-07-11 15:20:10 75,904 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 15:20:10 451,802 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-30 18:51:58 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\AdobeUM 2007-06-28 14:54:14 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\WinRAR 2007-06-28 11:48:28 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\DivX 2007-06-28 11:48:24 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\Media Player Classic 2007-06-28 11:39:34 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\Gadu-Gadu 2007-06-28 10:51:10 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\Talkback 2007-06-28 09:57:20 -------- d-----w C:\DOCUME~1\ekil2\DANEAP~1\Symantec 2007-06-20 20:38:42 -------- d-----w C:\Program Files\Common Files\EasyInfo 2007-06-19 16:44:34 -------- d-----w C:\Program Files\SAGEM 2007-06-16 10:40:30 1,346 ----a-w C:\WINDOWS\mozver.dat 2007-06-13 19:44:44 -------- d-----w C:\Program Files\Microsoft Visual Studio 8 2007-06-13 19:44:44 -------- d-----w C:\Program Files\Common Files\Merge Modules 2007-06-13 18:28:28 -------- d—a-w C:\Program Files\AskPBar 2007-06-13 18:22:20 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll 2007-06-13 17:35:52 23 --sha-w C:\WINDOWS\system32\fddcccfec7_r.dll 2007-06-08 20:30:26 -------- d-----w C:\Program Files\MUGEN 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-10 16:09:06 21,504 ----a-w C:\WINDOWS\jestertb.dll 2007-05-09 18:53:50 770,048 ----a-w C:\WINDOWS\3D World Map.scr 2007-05-06 15:01:14 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-05 22:22:00 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{000123B4-9B42-4900-B3F7-F4B073EFC214}] 2007-07-13 19:03 184320 --a------ D:\PROGRAMY\DANE\Orbitdownloader\orbitcth.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 01:56 63136 --a------ c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{85F685C3-20D9-4943-95E4-EB4224056C3F}] 2007-01-23 14:29 102400 --a------ D:\PROGRAMY\DANE\Expressivo\IH_iexplore.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{9ECB9560-04F9-4bbc-943D-298DDF1699E1}] 2005-10-22 20:29 94336 --a------ c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}] 2007-05-23 12:13 140912 --a------ c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-05-06 15:34 2415680 -ra------ c:\program files\google\googletoolbar1.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 2007-07-16 22:27 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{bf00e119-21a3-4fd1-b178-3b8537e75c92}] D:\PROGRAMY\DANE\MegaIEMn.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{F4D76F01-7896-458a-890F-E1F05C46069F}] 2007-06-13 20:28 241664 --a------ C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Alcmtr”=“ALCMTR.EXE” [2005-05-03 06:43 C:\WINDOWS\Alcmtr.exe] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-10-21 02:26] “ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-22 22:19] “Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 18:30] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-05-06 16:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “Gadu-Gadu”=“D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ASUS ChkMail.lnk backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emil^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Emil\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Expressivo] “D:\PROGRAMY\DANE\Expressivo\expressivo.exe” -t [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “D:\PROGRAMY\DANE\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls] “D:\PROGRAMY\DANE\InternetCalls\internetcalls.exe” -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer] D:\PROGRAMY\DANE\DAP\SPEEDO~1\SPO.EXE -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik] D:\PROGRAMY\DANE\Spik\Spik.exe -autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online] “D:\GRY\MINI\VS Online\VSOnline.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] D:\PROGRAMY\DANE\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “gusvc”=3 (0x3) “GoogleDesktopManager”=3 (0x3) “Adobe LM Service”=3 (0x3) “S24EventMonitor”=2 (0x2) “RegSrvc”=2 (0x2) “iPod Service”=3 (0x3) “EvtEng”=2 (0x2) *Newly Created Service* - COMHOST Contents of the ‘Scheduled Tasks’ folder 2007-08-03 18:00:02 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Emil.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-03 20:08:07 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-03 20:08:35 C:\ComboFix-quarantined-files.txt … 2007-08-03 20:08 C:\ComboFix3.txt … 2007-07-10 23:17 C:\ComboFix2.txt … 2007-07-19 19:32 — E O F —

…napisałem też w innym temacie o pododnym, ->