kakadu
(Krzysiek Wojcik)
10 November 2007 10:27
#1
Please help me remove an icon that links to antivirgear.com and generates annoying messages. A folder with the application AntiSpyGolden 5.1 has appeared in Program Files, which Your Uninstaller does not see - how can I remove it safely? I am attaching the HJT log. Thanks in advance. Krzysiek
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:23, on 2007-11-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPlus\iPlusManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Krzysztof Wójcik\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187130644974
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9040092C-1F15-49B9-952D-B964777237EC}: NameServer = 212.2.96.51 212.2.96.52
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: arturo - {48a7a70a-e118-4506-a373-c9d4e8a212a1} - C:\WINDOWS\system32\eulbn.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 12764 bytes
adam9870
(adam9870)
10 November 2007 11:21
#2
Note: disable SpybotSD TeaTimer while carrying out these steps. Otherwise the changes made may not be saved.
In the log:
Use the SmitFraudFix tool with option number 2 in safe mode.
Once done, run ComboFix and paste its log together with the contents of the file c:\rapport.txt
kakadu
(Krzysiek Wojcik)
10 November 2007 12:56
#3
Thanks for the advice - the icon is gone. The folder with the AntiSpyGolden program is still in PF - I don't recall ever installing it. Should I just throw it in the trash? I'm attaching the log and the report
ComboFix 07-11-01.1** - Krzysztof Wójcik 2007-11-10 13:45:49.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.573 [GMT 1:00] Running from: C:\Documents and Settings\Krzysztof Wójcik\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))) . 2007-11-10 13:34 5,088 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-10 13:12 2007-11-10 13:11 2007-11-10 13:11 2007-11-10 13:11 2007-11-10 13:11 2007-11-10 13:11 2007-11-10 13:11 2007-11-10 13:11 2007-11-06 09:16 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-05 21:52 2007-11-05 12:56 2007-11-05 12:11 2007-11-05 09:29 2007-11-04 18:39 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-03 00:21 139,264 --a------ C:\WINDOWS\system32\AfpT.dll 2007-11-03 00:21 89,216 --a------ C:\WINDOWS\system32\drivers\FO_PAnt.sys 2007-11-03 00:21 78,896 --a------ C:\WINDOWS\system32\GEARAspi.dll 2007-11-03 00:21 43,904 --a------ C:\WINDOWS\system32\drivers\AFPAnsi.sys 2007-11-03 00:21 13,872 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2007-11-03 00:20 2007-11-03 00:08 2007-11-02 22:52 194,320 --a------ C:\WINDOWS\system32\qcut.dll 2007-11-02 22:52 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll 2007-11-02 22:52 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe 2007-11-02 22:52 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll 2007-11-02 22:52 10,240 --a------ C:\WINDOWS\system32\vidx16.dll 2007-11-02 22:52 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-11-02 22:52 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-11-01 11:39 85,248 --a------ C:\WINDOWS\system32\eLock2FSCTLDriver.sys 2007-11-01 11:39 53,248 --a------ C:\WINDOWS\system32\cdinfo.exe 2007-11-01 11:39 16,384 --a------ C:\WINDOWS\system32\eLock2BurnerLockDriver.sys 2007-11-01 11:33 69,632 --a------ C:\WINDOWS\system32\drivers\int15.sys 2007-11-01 11:33 14,544 --a------ C:\WINDOWS\system32\drivers\TVicPort.sys 2007-11-01 11:33 8,704 --a------ 
C:\WINDOWS\system32\drivers\TVicPort64.sys 2007-11-01 11:33 8,704 --a------ C:\WINDOWS\system32\drivers\int15_64.sys 2007-11-01 11:33 6,144 --a------ C:\WINDOWS\system32\drivers\zntport64.sys 2007-11-01 11:33 6,080 --a------ C:\WINDOWS\system32\drivers\zntport.sys 2007-11-01 11:24 53,248 --a------ C:\WINDOWS\system32\acpimof.dll 2007-11-01 11:24 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll 2007-11-01 11:16 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms.dll 2007-11-01 11:16 331,776 --a------ C:\WINDOWS\system32\ScrollBarLib.dll 2007-11-01 11:16 53,248 --a------ C:\WINDOWS\system32\Interop.Shell32.dll 2007-11-01 10:50 2007-10-30 14:05 2007-10-27 19:05 8,224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-10-27 19:01 2007-10-27 19:01 322,384 --a------ C:\WINDOWS\system\MFC250.DLL 2007-10-27 19:01 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL 2007-10-27 19:01 125,856 --a------ C:\WINDOWS\system\MFCO250.DLL 2007-10-27 19:00 2007-10-27 19:00 2007-10-27 19:00 271,248 --a------ C:\WINDOWS\ISUN16.EXE 2007-10-27 19:00 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL 2007-10-25 19:09 2007-10-25 19:08 2007-10-25 19:08 2007-10-25 19:07 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-10-22 20:47 2007-10-21 12:02 2007-10-21 12:01 2007-10-21 10:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-18 18:12 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-07 18:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2007-11-07 18:39 --------- d-----w C:\Documents and Settings\Krzysztof Wójcik\Dane aplikacji\Autodesk 2007-11-05 08:29 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-11-02 23:20 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-02 23:10 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-10-22 20:16 --------- d-----w C:\Documents and Settings\Krzysztof Wójcik\Dane aplikacji\Image Zone Express 2007-10-15 06:56 --------- d-----w C:\Program Files\iPlus 2007-10-05 14:56 --------- d-----w C:\Program Files\Google 2007-09-28 20:17 --------- d-----w C:\Program Files\AutoCAD 2007 2007-09-28 20:11 --------- d-----w C:\Program Files\AnswerWorks 4.0 2007-09-28 19:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk 2007-09-28 19:53 --------- d-----w C:\Program Files\Your Uninstaller 2006 2007-09-15 19:35 --------- d-----w C:\Documents and Settings\Krzysztof Wójcik\Dane aplikacji\URSoft 2007-09-07 20:23 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll 2007-09-01 09:13 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “iPlusManager”=“C:\Program Files\iPlus\iPlusChecker.exe” [2007-08-29 10:10] “AGRSMMSG”=“AGRSMMSG.exe” [2005-09-09 10:20 C:\WINDOWS\AGRSMMSG.exe] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “Acrobat Assistant 7.0”=“C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe” [2004-12-14 01:12] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-06 22:46] “eDataSecurity Loader”=“C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” [2006-03-17 15:00] “LaunchAp”=“C:\Program Files\Launch Manager\LaunchAp.exe” [2005-07-25 12:36] “LManager”=“C:\Program Files\Launch Manager\HotkeyApp.exe” [2006-02-21 08:46] “CtrlVol”=“C:\Program Files\Launch Manager\CtrlVol.exe” [2003-09-16 13:28] “LMgrOSD”=“C:\Program Files\Launch Manager\OSDCtrl.exe” [2005-07-25 09:45] “Wbutton”=“C:\Program Files\Launch Manager\Wbutton.exe” [2006-03-14 13:33] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-12-16 15:32] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 19:24] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “SSBkgdUpdate”=“C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2003-10-14 09:22] “PaperPort PTD”=“C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe” [2005-03-17 13:25] “IndexSearch”=“C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe” [2005-03-17 13:45] “SetDefPrt”=“C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe” [2005-01-26 17:02] “ControlCenter2.0”=“C:\Program Files\Brother\ControlCenter2\brctrcen.exe” [2005-05-17 16:42] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2007-05-28 09:14] 
“ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-03-30 18:47] “Boot”=“C:\Acer\Empowering Technology\ePower\Boot.exe” [2006-03-15 22:12] “Acer ePresentation HPD”=“C:\Acer\Empowering Technology\ePresentation\ePresentation.exe” [2006-03-31 16:39] “eLockMonitor”=“C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe” [2006-04-21 22:21] “Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-07-20 19:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 13:00] “PowerBar”="" [] “NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2006-02-10 20:40] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-11-01 11:16:16] Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-08-16 11:18:16] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 09:45:32] Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54] Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-08-19 16:40:18] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] C:\Program 
Files\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\YDPDict\watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys R2 eLock2FSCTLDriver;eLock2FSCTLDriver;??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys R2 int15;int15;??\C:\WINDOWS\system32\drivers\int15.sys R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe -p R2 tvicport;tvicport;??\C:\WINDOWS\system32\drivers\tvicport.sys R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys R3 psdfilter;psdfilter;??\C:\WINDOWS\system32\Drivers\psdfilter.sys R3 
psdvdisk;psdvdisk;??\C:\WINDOWS\system32\Drivers\psdvdisk.sys S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys . Contents of the ‘Scheduled Tasks’ folder “2007-11-10 12:45:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job” - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 13:47:27 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKCU\Software\Microsoft\Windows\CurrentVersion\Run PowerBar = ?p?s???p??|??6~??6~H???AP?|p???3R?|p???%??4???U?|X???P???JU?|???,???S?|???,???X???p???|???,@?@???,@ scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-10 13:48:03 . — E O F —
SmitFraudFix v2.250
Scan done at 13:33:53,73, 2007-11-10
Run from D:\Internet\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{48a7a70a-e118-4506-a373-c9d4e8a212a1}"="arturo"

[HKEY_CLASSES_ROOT\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1}\InProcServer32]
@="C:\WINDOWS\system32\eulbn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1}\InProcServer32]
@="C:\WINDOWS\system32\eulbn.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\eulbn.dll - Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\eulbn.dll - Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
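A read-only check, added here as an example and not part of the thread, SmitFraudFix or HijackThis, that walks the same SharedTaskScheduler autostart point SrchSTS.exe searched in the report above (the O22 line in the HJT log) and resolves each CLSID to its InProcServer32 DLL, flagging entries whose DLL is missing or not validly signed. The function name Get-SharedTaskSchedulerEntries and the signature heuristic are my choices; on systems where Get-AuthenticodeSignature cannot verify catalog-signed Windows files, legitimate entries may also be flagged and need manual review.

```powershell
# Added example: enumerate Explorer's SharedTaskScheduler entries (the autostart
# point the "arturo"/eulbn.dll entry above used) and resolve each CLSID to the
# DLL Explorer would load. Nothing is modified; the output is for review only.

$stsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
# Same two CLSID roots SrchSTS.exe reports: the merged HKCR view and HKLM\Software\Classes.
$clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID')

function Get-SharedTaskSchedulerEntries {
    if (-not (Test-Path $stsKey)) { return @() }
    $props = Get-ItemProperty -Path $stsKey
    foreach ($p in $props.PSObject.Properties) {
        # Value names under this key are CLSIDs; skip the PS* provider metadata.
        if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $clsid = $p.Name
        $dll = $null
        foreach ($root in $clsidRoots) {
            $srv = Join-Path $root "$clsid\InProcServer32"
            if (Test-Path $srv) {
                # The DLL path is the key's default value.
                $dll = (Get-ItemProperty -Path $srv).'(default)'
                break
            }
        }
        $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
        $exists = $expanded -and (Test-Path -LiteralPath $expanded)
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $expanded).Status } else { 'n/a' }
        [pscustomobject]@{
            Clsid      = $clsid
            Name       = $p.Value          # descriptive name, e.g. "arturo" in the log above
            Dll        = $expanded
            Exists     = [bool]$exists
            Signature  = $sig
            # Heuristic: a missing DLL or one without a valid signature deserves a closer look.
            Suspicious = (-not $exists) -or ($sig -ne 'Valid')
        }
    }
}

Get-SharedTaskSchedulerEntries | Format-Table -AutoSize
```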
Gutek
(Gutek)
10 November 2007 23:45
#4