merida84
(Paris Hilton)
5 January 2008 00:55
#1
Hello!
I'd like to ask for help identifying which files in the LOG need to be removed. The problem concerns a file nested in system32, namely idys.exe; an error message about msmsgs.exe also pops up. I've already found similar cases on the forum, but I can't work out on my own what has to be removed, so I'm asking for help. Below is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:48:03, on 2008-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Antywirusy\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def … earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def … earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [idys] C:\WINDOWS\system32\idys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Print Spooler Service (eaimoeyy) - Unknown owner - C:\WINDOWS\system32\idys.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
Thanks for your help, regards, monika
Gutek
(Gutek)
5 January 2008 13:06
#2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Print Spooler Service (eaimoeyy) - Unknown owner - C:\WINDOWS\system32\idys.exe (file missing)
remove the entries with HJT, although that's an old version of HJT
Start >>> Run >>> services.msc >>> stop and disable Print Spooler Service
Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350
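The two entries picked out above are the classic patterns a log helper scans for by eye: a BHO whose CLSID is still registered but whose DLL is gone, and an O23 service whose display name copies the Windows Print Spooler while its key name is a random string and its binary sits in system32 under a name no vendor uses. The script below is an added example, not part of the thread and not HijackThis code: it applies those checks to a constructed handful of lines in HJT's own notation. The allow list of system32 autostart binaries and the map of Windows service display names to their real key names are illustrative assumptions, not authoritative lists.

```python
"""Heuristic triage of HijackThis (v1.99-style) log lines.

Added example, not part of the thread or of HijackThis. SAMPLE_LOG is a
constructed excerpt; BUILTIN_SERVICES and SYSTEM32_ALLOW are assumptions.
"""
from __future__ import annotations
import re

# Display names malware likes to borrow -> the real Windows XP service key name
# (assumption: small illustrative map, not a complete list).
BUILTIN_SERVICES = {
    "print spooler": "Spooler",
    "task scheduler": "Schedule",
    "automatic updates": "wuauserv",
    "event log": "Eventlog",
}

# Autostart binaries that legitimately live in system32 on this kind of box
# (assumption: illustrative allow list drawn from the posted log; extend per machine).
SYSTEM32_ALLOW = {
    "ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "lvcomsx.exe",
    "nerocheck.exe", "hdaudpropshortcut.exe",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<key>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

# Constructed sample: a few lines of the kind seen in the thread's HJT log.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [idys] C:\WINDOWS\system32\idys.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Print Spooler Service (eaimoeyy) - Unknown owner - C:\WINDOWS\system32\idys.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def image_path(cmd: str) -> str:
    """Strip surrounding quotes and trailing arguments from a Run value or ImagePath."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|sys))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one HJT line deserves 'Fix checked'."""
    reasons = []
    if m := O2_RE.match(line):
        if m["path"].strip().lower() == "(no file)":
            reasons.append("orphaned BHO: CLSID still registered but the DLL is gone")
    elif m := O4_RE.match(line):
        exe = image_path(m["cmd"])
        if in_system32(exe) and basename(exe) not in SYSTEM32_ALLOW:
            reasons.append(f"unrecognised autostart binary in system32: {basename(exe)}")
    elif m := O23_RE.match(line):
        display = re.sub(r"\s+service$", "", m["display"].strip().lower())
        canonical = BUILTIN_SERVICES.get(display)
        if canonical and m["key"] != canonical:
            reasons.append(f"display name copies Windows '{canonical}' but the key is '{m['key']}'")
        exe = image_path(m["path"].replace("(file missing)", ""))
        if m["owner"].strip() == "Unknown owner" and in_system32(exe) \
                and basename(exe) not in SYSTEM32_ALLOW:
            reasons.append(f"unknown-owner service binary in system32: {basename(exe)}")
        # "(file missing)" on its own is weak evidence: HJT also prints it for the
        # Kaspersky AVP line, apparently because that ImagePath is quoted oddly.
    return reasons


def triage(log: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log and keep only the lines with findings."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run on the sample it reports exactly the three lines worth fixing (the orphaned BHO, the idys Run entry and the eaimoeyy service, the last one for two reasons) and says nothing about the MSMSGS entry or the Kaspersky service, which carries "(file missing)" as well; the marker alone is not grounds for a fix.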
Gutek
(Gutek)
5 January 2008 14:58
#4
I forgot one more thing - post a ComboFix log
merida84
(Paris Hilton)
6 January 2008 20:16
#5
Hello!
Thank you for the reply. I followed the instructions. Below is the ComboFix log:
ComboFix 08-01-04.1 - Monika 2008-01-06 21:12:06.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.329 [GMT 1:00]
Running from: D:\Antywirusy\ComboFix\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-05 01:39 . 2008-01-05 01:39
2008-01-05 01:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:57 . 2008-01-05 01:31
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:09
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2007-12-29 22:16 . 2007-12-29 22:16 268 --ah----- C:\sqmdata00.sqm
2007-12-29 22:16 . 2007-12-29 22:16 244 --ah----- C:\sqmnoopt00.sqm
2007-12-29 22:16 . 2007-12-29 22:16 172 --ah----- C:\sqmnoopt01.sqm
2007-12-29 22:16 . 2007-12-29 22:16 172 --ah----- C:\sqmdata01.sqm
2007-12-29 21:11 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-12-29 21:11 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2007-12-29 21:11 . 2007-12-29 21:11 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2007-12-29 21:11 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2007-12-29 21:10 . 2007-12-29 21:10
2007-12-17 22:41 . 2007-12-17 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 22:41 . 2007-12-17 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 19:58 52,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 19:58 519,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 19:58 171,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 19:58 12,350,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 19:51 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\Skype
2007-12-29 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-21 13:06 20036648]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56 1306624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-06 04:45 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-06 04:41 118784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-20 19:32 33792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-19 23:20 249896]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 10:49 86016]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-02-16 11:34:32]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-12-29 21:11:44]

S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2006-12-11 23:39]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-11-13 19:14]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-11-13 19:14]
S4 eaimoeyy;Print Spooler Service;C:\WINDOWS\system32\idys.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe -auto

.
Contents of the 'Scheduled Tasks' folder
"2007-06-21 15:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 21:13:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 21:14:23
ComboFix-quarantined-files.txt 2008-01-06 20:14:09
ComboFix2.txt 2008-01-05 00:31:24
merida84
(Paris Hilton)
6 January 2008 21:42
#7
Thank you. I carried out the instructions. Should it work properly now?
ComboFix 08-01-04.1 - Monika 2008-01-06 22:39:44.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.277 [GMT 1:00]
Running from: D:\Antywirusy\ComboFix\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-05 01:39 . 2008-01-05 01:39
2008-01-05 01:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:57 . 2008-01-05 01:31
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:09
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2008-01-05 00:57 . 2006-11-11 00:02
2007-12-29 22:16 . 2007-12-29 22:16 268 --ah----- C:\sqmdata00.sqm
2007-12-29 22:16 . 2007-12-29 22:16 244 --ah----- C:\sqmnoopt00.sqm
2007-12-29 22:16 . 2007-12-29 22:16 172 --ah----- C:\sqmnoopt01.sqm
2007-12-29 22:16 . 2007-12-29 22:16 172 --ah----- C:\sqmdata01.sqm
2007-12-29 21:11 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-12-29 21:11 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll
2007-12-29 21:11 . 2007-12-29 21:11 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2007-12-29 21:11 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2007-12-29 21:11 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x
2007-12-29 21:10 . 2007-12-29 21:10
2007-12-17 22:41 . 2007-12-17 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 22:41 . 2007-12-17 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 19:58 52,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-06 19:58 519,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-06 19:58 171,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-06 19:58 12,350,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-06 19:51 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\Skype
2007-12-29 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-21 13:06 20036648]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56 1306624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-06 04:45 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-06 04:41 118784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-20 19:32 33792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-19 23:20 249896]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09 139367]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 10:49 86016]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-02-16 11:34:32]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-12-29 21:11:44]

S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2006-12-11 23:39]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-11-13 19:14]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-11-13 19:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe -auto

.
Contents of the 'Scheduled Tasks' folder
"2007-06-21 15:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 22:40:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\Gadu-Gadu\ggwhook.dll
.
Completion time: 2008-01-06 22:41:10
ComboFix-quarantined-files.txt 2008-01-06 21:40:56
ComboFix2.txt 2008-01-06 20:14:24
ComboFix3.txt 2008-01-05 00:31:24
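The two ComboFix runs differ in one line that matters: after the services.msc step the rogue entry still sits in the first log as `S4 eaimoeyy;Print Spooler Service;C:\WINDOWS\system32\idys.exe []` (S4 = stopped, start type disabled, and an empty `[]` stamp because the binary is not on disk), while in the second run it is gone from the service table altogether. Disabling a service only changes its start type; the registry key survives until something deletes it. Eyeballing two long logs for that is error-prone, so the script below, an added example that is not part of the thread or of ComboFix, parses the `<R|S><n> key;display;image [stamp]` service lines and reports what was removed, added or changed between scans, plus entries whose image is still missing. The BEFORE and AFTER strings are constructed excerpts of the two logs above; the legend for the digit (Win32 service start types 0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is my reading of ComboFix's format.

```python
"""Diff the service/driver table of two ComboFix logs to confirm a cleanup.

Added example, not part of the thread or of ComboFix. BEFORE and AFTER are
constructed excerpts of the two runs posted above, cut down to the lines the
comparison needs.
"""
from __future__ import annotations
import re

# ComboFix lists each service/driver as:  <R|S><n> key;display;image [stamp]
# R/S = running/stopped, n = Win32 start type (0 boot, 1 system, 2 auto,
# 3 manual, 4 disabled). An empty [] stamp means the image file was not
# found on disk when the scan ran. (Format legend: assumption from the logs.)
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<key>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Constructed excerpt of the first run (rogue service disabled but still registered).
BEFORE = r"""
S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2006-12-11 23:39]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-11-13 19:14]
S4 eaimoeyy;Print Spooler Service;C:\WINDOWS\system32\idys.exe []
"""

# Constructed excerpt of the second run (same machine after the fix).
AFTER = r"""
S2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2006-12-11 23:39]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-11-13 19:14]
"""


def parse_services(log: str) -> dict[str, dict]:
    """Map service key name -> parsed fields for every R/S line in a ComboFix log."""
    services = {}
    for raw in log.splitlines():
        m = SVC_RE.match(raw.strip())
        if m:
            services[m["key"]] = {
                "running": m["state"] == "R",
                "start": START_TYPES[m["start"]],
                "display": m["display"],
                "image": m["image"],
                "file_on_disk": bool(m["stamp"]),
            }
    return services


def compare(before_log: str, after_log: str) -> dict[str, list[str]]:
    """Summarise what changed between two scans, plus entries still lacking a file."""
    before, after = parse_services(before_log), parse_services(after_log)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
        # Registered entries whose image is missing: a rogue service whose binary
        # was deleted looks exactly like a leftover driver from uninstalled
        # hardware, so judge these by key and display name, not by the [] alone.
        "ghosts": sorted(k for k, s in after.items() if not s["file_on_disk"]),
    }


if __name__ == "__main__":
    for kind, keys in compare(BEFORE, AFTER).items():
        print(f"{kind:8s} {keys}")
```

On these excerpts the only removal is eaimoeyy, nothing was added or changed, and the two NETGEAR driver entries remain as file-less ghosts: harmless remnants of a wireless adapter that is no longer installed, which is exactly why the missing-file marker on its own should not decide a fix.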
Leon1
(Leon$)
6 January 2008 22:25
#8
the entry
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
remove with HijackThis >> Fix checked
It should be fine now
merida84
(Paris Hilton)
6 January 2008 22:40
#9
ok, thank you for your help then, best regards