Help, I have a keylogger

Please help, is there any chance of removing it without reformatting the system?

Scan from HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:34:14, on 2009-06-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\svchost.pif

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

E:\Daniel\Gry\Steam.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dumeter.com/register.php?LangID=EN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll

O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll

O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll

O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [KernelFaultFix] C:\WINDOWS\svchost.pif

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [sploov] C:\WINDOWS\system32\spolsv.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Hattric] C:\WINDOWS\system32\hattric\smss.exe

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\apache.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: mysql - Unknown owner - E:\xampp\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

End of file - 9158 bytes

This particular file is legitimate. But there is indeed a fake of it here. And others.

Paste logs from OTL and gmer

http://oldtimer.geekstogo.com/OTL.exe

http://www.gmer.net/
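As an added illustration (not code from the thread, nor from HijackThis or OTL), a small Python triage script that encodes the reasoning behind the verdict above: a core Windows binary name such as smss.exe or svchost.exe is only legitimate in one directory, a name within one character of a core binary (spolsv.exe next to the real spoolsv.exe) is a red flag, and a .pif launched from a Run key is not a normal program. The directory table assumes a default C:\WINDOWS XP install; the sample log is a constructed excerpt in the format of the log posted above.

```python
"""Triage of HijackThis 'Running processes' and O4 (autorun) entries.

Added example for this thread; it is not the helper's tool. It flags
(1) a core Windows binary name running outside its legitimate directory,
(2) a file whose name is within one edit of a core binary name, and
(3) a .pif/.scr/.com/.bat/.cmd started from a Run key.
"""
import re

# Core Windows XP binaries and the only directory each legitimately runs from.
# Assumption: a default C:\WINDOWS install, as in the log on this thread.
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Extensions that should not normally be started from Run keys.
SUSPICIOUS_EXT = {".pif", ".scr", ".com", ".bat", ".cmd"}

# First Windows path on a line that ends in an executable-like extension.
# Straight and curly quotes are excluded so quoted paths with arguments stop cleanly.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"“”]*?\.(?:exe|pif|scr|com|bat|cmd)\b', re.IGNORECASE
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return human-readable findings for one executable path (empty list = nothing odd)."""
    findings = []
    lower = path.lower()
    directory, _, filename = lower.rpartition("\\")
    stem, _, ext = filename.rpartition(".")
    ext = "." + ext
    if ext in SUSPICIOUS_EXT:
        findings.append(f"unusual autorun extension {ext}")
    for core, expected_dir in CORE_BINARIES.items():
        core_stem = core[: -len(".exe")]
        if filename == core:
            if directory != expected_dir:
                findings.append(f"core binary name {core} outside {expected_dir}")
        elif edit_distance(stem, core_stem) <= 1:
            # Same or near-same stem but not the genuine file name
            # (spolsv.exe, svchost.pif).
            findings.append(f"look-alike of {core}")
    return findings


def extract_path(line):
    """Path from an O4 autorun line or a bare 'Running processes' line, else None."""
    line = line.strip()
    if line.startswith("O4 - ") or re.match(r"^[A-Za-z]:\\", line):
        match = PATH_RE.search(line)
        return match.group(0) if match else None
    return None


def triage(log_text):
    """Map each flagged path in a HijackThis log to its list of findings."""
    hits = {}
    for line in log_text.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        findings = classify(path)
        if findings:
            hits[path] = findings
    return hits


# Constructed excerpt in the same format as the HijackThis log on this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.pif
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultFix] C:\WINDOWS\svchost.pif
O4 - HKCU\..\Run: [sploov] C:\WINDOWS\system32\spolsv.exe
O4 - HKCU\..\Run: [Hattric] C:\WINDOWS\system32\hattric\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for flagged_path, flagged_findings in triage(SAMPLE_LOG).items():
        print(flagged_path)
        for finding in flagged_findings:
            print("   -", finding)
```

A clean match on these heuristics is not proof of a genuine file; the helper's follow-up (OTL, gmer, a VirusTotal check of the doubtful file) is still the deciding step.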

So if I paste these files into the system,

will the keylogger disappear?

Or do I have to do a format after all?

You are supposed to download these files. In OTL, click Run Scan. Two logs will be produced; paste both. For gmer it is enough to run it, click Copy and paste the contents. The logs are for checking what needs to be removed. Nothing will disappear just from downloading. Hold off on the format.


But this is only Extras; there should also be OTL and gmer. Paste the logs on www.wklej.org and give only the link to the paste here.

http://www.wklej.org/id/108094/

http://www.wklej.org/id/108098/

OTL does not see that second smss; maybe it has already been removed, but just in case I will add it for removal too. Paste into OTL

Click Run Fix, restart. Show the removal log and a new one from OTL.

Please correct the spelling in the topic title and in the problem description. To edit your post, use the Edit button on the post that opens the topic.

Ignoring this recommendation will result in the topic being moved to the Trash.

In connection with the change that applies when pasting logs on the forum, read and follow the Topic

I removed C:\WINDOWS\svchost.pif with the KillBox program

and the computer restarted automatically; when it started up, Spybot displayed a message

[attached screenshot: 174617.jpg]

what should I press?

Morning HijackThis scan

O4 - HKCU…\Run: [Hattric] C:\WINDOWS\system32\hattric\smss*****


11.06.2009 - It’s keylogger!

11.05.2009 - ssss

You were not supposed to remove that with KillBox but with my script, because I put a few more things up for removal. It looks like everything is still as it was. Paste a new OTL log.

Best to disable TeaTimer for the duration of the removal.

http://www.wklej.org/id/108208/

Also check this file on

http://www.virustotal.com/pl/

Because I am not entirely sure whether it should be removed

Paste into OTL

Click Run Fix. Show the removal log and a new OTL log. Remember to disable TeaTimer for the duration of the removal.

http://www.virustotal.com/pl/analisis/0 … 1245334129

042e046c77c8f0ae6d2ed47ae441db9e9f1f2df9b0c2ee9c3c50a0f4a91bc3e8-1245334129

when I ran the fix, Spybot started beeping about what is shown above

You are supposed to disable Spybot for the duration of the removal. It will beep because I want to wipe the junk entries from the registry and that key is protected by Spybot (strange that it let the viruses in but does not want to let them out).

Try doing it in safe mode or allow the change.

you know what, I think I will just do a format...

But there are only a few registry entries and a few files left; it looks like nothing more. For the script to execute, Spybot has to be disabled.

ok :)

But what do you mean, ok? If you ran the script, show the removal log and a new one from OTL.