M4ro
(Maro29c)
31 May 2007 15:54
#1
I have a problem with Explorer, namely: after the computer boots, when I click the My Computer icon the system hangs, and when I check the processes, explorer is using 95-100% of the CPU.
Below is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:36:30, on 2007-05-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wapster\AQQ\AQQ.exe
C:\Program Files\Opera\Opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download all links using BitComet - res://F:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E32A6C6-FAD7-4C74-B38A-EB4A33076EBA}: NameServer = 85.255.115.68,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B4FE310-15AF-498A-A9AB-4638E13AEC77}: NameServer = 85.255.115.68 85.255.112.118
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.68 85.255.112.118
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.68 85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.68 85.255.112.118
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Please advise.
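The most telling lines in the log above are the five O17 entries: every TCP/IP interface and every control set on the machine has had its NameServer value pointed at 85.255.115.68 and 85.255.112.118, which is how the Wareout/DNSChanger family redirected victims to resolvers in the 85.255.112.0/20 block. Added here as an editorial example (not part of the original thread, and not one of the tools the helper recommends), the script below shows the triage a practitioner would script over a HijackThis log: pull every O17 resolver, range-match it against an analyst-supplied watchlist, and separately list the R3/O2/O3 registrations whose DLL is "(no file)", since those orphaned hooks are the leftovers the cleanup tools also remove. The sample input is constructed from lines of the posted log plus one made-up clean O17 line (192.168.1.1) as a control; the watchlist range is the example's assumption and should be extended with your own intelligence.

```python
import ipaddress
import re

# Constructed sample input: the O17, R3 and O2 lines are excerpted from the
# HijackThis log posted above; the 192.168.1.1 line is made up as a clean control.
SAMPLE_HJT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E32A6C6-FAD7-4C74-B38A-EB4A33076EBA}: NameServer = 85.255.115.68,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.68 85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
"""

# Analyst-supplied watchlist (an assumption of this example). 85.255.112.0/20 is the
# block the Wareout/DNSChanger family pointed victims at; extend with your own intel.
ROGUE_DNS_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
ORPHAN_SECTIONS = {"R3", "O2", "O3"}  # URL search hooks, BHOs, toolbars


def split_nameservers(field):
    """HijackThis prints resolvers comma- or space-separated depending on the key."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def rogue_nameservers(log_text, ranges=ROGUE_DNS_RANGES):
    """Return (registry key, ip) pairs for every O17 resolver inside a watched range."""
    hits = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for server in split_nameservers(m.group("servers")):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                continue  # hostnames or garbage: skipped, only IPs are range-matched
            if any(ip in net for net in ranges):
                hits.append((m.group("key"), str(ip)))
    return hits


def orphaned_entries(log_text):
    """R3/O2/O3 registrations whose DLL is gone: dead entries IE still tries to load."""
    return [
        line.strip()
        for line in log_text.splitlines()
        if line.strip().endswith("(no file)")
        and line.strip().split(" - ", 1)[0] in ORPHAN_SECTIONS
    ]


def triage(log_text):
    """Summarise both checks; the IP set is what to block and replace first."""
    hits = rogue_nameservers(log_text)
    return {
        "rogue_dns_ips": sorted({ip for _, ip in hits}),
        "hijacked_keys": sorted({key for key, _ in hits}),
        "orphaned": orphaned_entries(log_text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_HJT).items():
        print(f"{section}:")
        for item in items:
            print(f"  {item}")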
Gutek
(Gutek)
31 May 2007 17:08
#2
Wrong subforum, moving it to the right one.
Scan with AVG Anti-Spyware 7.5 after updating it.
Use FixWareOut - http://downloads.subratam.org/Fixwareout.exe
Post a ComboFix log.
M4ro
(Maro29c)
1 June 2007 14:04
#3
So here's the ComboFix log:
"Maroo" - 2007-06-01 15:50:30    Dodatek Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\My Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\MovieBox\Uninstall.exe"
"C:\Program Files\MovieBox"
"C:\WINDOWS\system32\kdath.exe"

((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))

2007-06-01 15:49    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-31 17:36
2007-05-14 19:40

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 13:54:00    --------    d-----w    C:\Program Files\ReGetDx
2007-05-31 18:05:53    --------    d-----w    C:\Program Files\HLSW
2007-05-28 18:00:59    --------    d-----w    C:\Program Files\FxFoto
2007-05-28 18:00:54    --------    d-----w    C:\Program Files\VirtualDJ
2007-05-28 18:00:54    --------    d-----w    C:\Program Files\TuneUp Utilities 2006
2007-05-28 18:00:52    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\XnView
2007-05-28 17:52:52    --------    d-----w    C:\Program Files\Tweak-XP Pro 4
2007-05-27 11:06:19    --------    d-----w    C:\Program Files\Torrent Master
2007-05-26 12:30:14    --------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-05-22 16:50:49    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Hamachi
2007-05-13 08:01:37    --------    d-----w    C:\Program Files\Game Optimizer Pro
2007-05-05 09:14:05    --------    d-----w    C:\Program Files\foobar2000
2007-05-04 14:35:09    --------    d-----w    C:\Program Files\Share_Accelerator_MM
2007-05-04 09:37:12    21,840    ----atw    C:\WINDOWS\system32\SIntfNT.dll
2007-05-04 09:37:12    17,212    ----atw    C:\WINDOWS\system32\SIntf32.dll
2007-05-04 09:37:11    12,067    ----atw    C:\WINDOWS\system32\SIntf16.dll
2007-05-03 13:15:53    --------    d-----w    C:\Program Files\Google
2007-05-02 11:49:20    26,056    ----a-w    C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-01 09:49:28    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Skype
2007-04-29 17:23:09    --------    d-----w    C:\Program Files\Opera
2007-04-28 15:59:32    --------    d-----w    C:\Program Files\SmartShopper
2007-04-28 15:59:29    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\SmartShopper
2007-04-26 18:12:20    --------    d-----w    C:\Program Files\Hamachi
2007-04-23 17:15:58    42,720    ----a-w    C:\WINDOWS\DIIUnin.dat
2007-04-19 17:29:31    2,829    ----a-w    C:\WINDOWS\DIIUnin.pif
2007-04-19 17:29:31    106,496    ----a-w    C:\WINDOWS\DIIUnin.exe
2007-04-19 15:48:43    --------    d-----w    C:\Program Files\SlySoft
2007-04-17 16:15:05    502,368    ----a-w    C:\WINDOWS\system32\drivers\amon.sys
2007-04-17 16:15:05    274,432    ----a-w    C:\WINDOWS\system32\imon.dll
2007-04-15 16:22:28    --------    d-----w    C:\Program Files\JetAudio
2007-04-15 16:22:27    --------    d-----w    C:\Program Files\Common Files\COWON
2007-04-15 16:20:59    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\COWON
2007-04-15 14:59:26    --------    d-----w    C:\Program Files\Neat Image
2007-04-11 11:30:43    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Ahead
2007-04-11 11:06:26    --------    d-----w    C:\Program Files\Liceum klasa 3 - Biologia
2007-04-11 07:13:01    --------    d-----w    C:\Program Files\Stardock
2007-04-10 11:53:33    --------    d-----w    C:\Program Files\Lavasoft
2007-04-07 16:09:32    --------    d-----w    C:\Program Files\GameSpy Arcade
2007-04-03 14:36:24    --------    d-----w    C:\Program Files\Common Files\DirectX
2007-04-01 14:15:05    --------    d-----w    C:\Program Files\Skype
2007-04-01 14:15:05    --------    d-----w    C:\Program Files\Common Files\Skype
2007-04-01 11:45:56    --------    d-----w    C:\Program Files\NiemPol
2007-04-01 11:30:39    --------    d-----w    C:\Program Files\Techland
2007-04-01 07:24:51    --------    d-----w    C:\Program Files\Image-Line
2007-04-01 07:24:37    --------    d-----w    C:\Program Files\VstPlugins
2007-03-25 06:46:01    50,748    ----a-w    C:\WINDOWS\system32\perfc015.dat
2007-03-25 06:46:01    358,702    ----a-w    C:\WINDOWS\system32\perfh015.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{16664845-0E00-11D2-8059-000000000000}=C:\Program Files\Common Files\ReGet Shared\Catcher.dll [2005-03-08 17:22]
{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}=C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll [2006-12-31 13:42]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=F:\BitComet\tools\BitCometBHO.dll [2007-02-04 17:24]
{4596013b-6c31-408b-a266-deae5c086dc2}=C:\Program Files\Share_Accelerator_MM\tbSha1.dll [2007-05-04 16:35]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-17 18:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [2007-02-28 14:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=C:\Program Files\Video ActiveX Object\isamntr.exe
"rare"=C:\Program Files\Video ActiveX Object\pmsnrr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"="C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll" [2004-07-19 16:07]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maroo^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Maroo\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShellToys XP Utility Manager]
"C:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
"C:\Program Files\Pasek TVN24\pasekTVN24.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc    usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - AVGASCLN

Contents of the 'Scheduled Tasks' folder
2007-05-18 15:17:31 C:\WINDOWS\tasks\1-Click Maintenance.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 15:55:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-01 15:58:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-01 15:58

--- E O F ---
Merged post: 01.06.2007 (Fri) 16:14
And here is the Fixwareout report as well:
Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» Postrun check
HKLM\SOFTWARE~\Winlogon\ "system"=""
...
...
»»»»» Misc files.
...
»»»»» Checking for older varients.
...
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or
http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"nod32kui"="\"C:\Program Files\Eset\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe"
...
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
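Under "Reg Loading Points" the ComboFix log above shows what FixWareOut and the DNS cleanup did not touch: the HKLM policies\explorer\run key (the Group Policy run list, rarely populated on a home machine) carries a value literally named "user32.dll" that launches C:\Program Files\Video ActiveX Object\isamntr.exe, next to a second value "rare" for pmsnrr.exe from the same folder. The second ComboFix log in post #5, taken after SmitFraudFix, no longer lists that key. Added here as an editorial example, not code from the thread or from ComboFix, the script below parses ComboFix-style key/value blocks and flags entries on cues visible in the log itself: values under the policy run list, value names that look like a DLL but launch an EXE, names borrowed from core system DLLs, and a non-empty AppInit_DLLs. The sample input is constructed from three key blocks of the posted log; the list of "core DLL names" is the example's own, illustrative set.

```python
import re

# Constructed sample: the three key blocks are excerpted from the ComboFix
# "Reg Loading Points" section in the post above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-17 18:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"=C:\Program Files\Video ActiveX Object\isamntr.exe
"rare"=C:\Program Files\Video ActiveX Object\pmsnrr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data, optionally followed by ComboFix's "[YYYY-MM-DD HH:MM]" file timestamp
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<data>.+?)(?:\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\])?$'
)

# Illustrative set chosen for this example, not an exhaustive list:
# an autorun value has no business carrying one of these names.
CORE_DLL_NAMES = {"user32.dll", "kernel32.dll", "ntdll.dll", "shell32.dll", "advapi32.dll"}


def parse_loading_points(text):
    """Map each [key] block to its list of (value name, data) pairs."""
    points, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            points.setdefault(key, [])
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            # drop the quotes ComboFix keeps around quoted REG_SZ paths
            points[key].append((vm.group("name"), vm.group("data").strip().strip('"')))
    return points


def suspicious_autoruns(points):
    """Flag values using only what the log shows; no file or registry access needed."""
    findings = []
    for key, values in points.items():
        k = key.lower()
        for name, data in values:
            n, d = name.lower(), data.lower()
            reasons = []
            if k.endswith(r"policies\explorer\run"):
                reasons.append("Group Policy run list; almost never populated on a home PC")
            if n.endswith(".dll") and d.endswith(".exe"):
                reasons.append("value named like a DLL but launches an EXE")
            if n in CORE_DLL_NAMES:
                reasons.append("value name borrowed from a core system DLL")
            if n == "appinit_dlls" and d:
                reasons.append("AppInit_DLLs is loaded into every process that links user32.dll")
            if reasons:
                findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(parse_loading_points(SAMPLE_COMBOFIX)):
        print(f'{f["key"]}\n  "{f["name"]}" = {f["data"]}')
        for r in f["reasons"]:
            print(f"    - {r}")
```

The AppInit_DLLs hit is a review item rather than a verdict: wbsys.dll sits beside the Stardock wbsrv.dll Winlogon notify entry in the same log, so it is consistent with a skinning tool, but anything in that value gets injected system-wide and deserves a look whenever the machine is known to be infected.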
Gutek
(Gutek)
1 June 2007 14:50
#4
Use SmitFraudFix, choose option 2, in Safe Mode of course, and afterwards post a new ComboFix log.
M4ro
(Maro29c)
2 June 2007 15:47
#5
I did as you said, and here is the new ComboFix log:
"Maroo" - 2007-06-02 17:30:14    Dodatek Service Pack 2
ComboFix 07-05.27.BV - Running from: "c:\My Downloads"

((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))

2007-06-02 17:24    1,526    --a------    C:\WINDOWS\system32\tmp.reg
2007-06-02 17:18
2007-06-01 16:05    8,484    --a------    C:\dnsbak.reg
2007-06-01 15:58    49,152    --a------    C:\WINDOWS\nircmd.exe
2007-06-01 15:49    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-31 17:36
2007-05-14 19:40

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 15:18:57    --------    d-----w    C:\Program Files\ReGetDx
2007-06-02 15:12:48    --------    d-----w    C:\Program Files\HLSW
2007-06-01 14:40:00    --------    d-----w    C:\Program Files\Tweak-XP Pro 4
2007-05-28 18:00:59    --------    d-----w    C:\Program Files\FxFoto
2007-05-28 18:00:54    --------    d-----w    C:\Program Files\VirtualDJ
2007-05-28 18:00:54    --------    d-----w    C:\Program Files\TuneUp Utilities 2006
2007-05-28 18:00:52    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\XnView
2007-05-27 11:06:19    --------    d-----w    C:\Program Files\Torrent Master
2007-05-26 12:30:14    --------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-05-22 16:50:49    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Hamachi
2007-05-13 08:01:37    --------    d-----w    C:\Program Files\Game Optimizer Pro
2007-05-05 09:14:05    --------    d-----w    C:\Program Files\foobar2000
2007-05-04 14:35:09    --------    d-----w    C:\Program Files\Share_Accelerator_MM
2007-05-04 09:37:12    21,840    ----atw    C:\WINDOWS\system32\SIntfNT.dll
2007-05-04 09:37:12    17,212    ----atw    C:\WINDOWS\system32\SIntf32.dll
2007-05-04 09:37:11    12,067    ----atw    C:\WINDOWS\system32\SIntf16.dll
2007-05-03 13:15:53    --------    d-----w    C:\Program Files\Google
2007-05-02 11:49:20    26,056    ----a-w    C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-01 09:49:28    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Skype
2007-04-29 17:23:09    --------    d-----w    C:\Program Files\Opera
2007-04-28 15:59:32    --------    d-----w    C:\Program Files\SmartShopper
2007-04-28 15:59:29    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\SmartShopper
2007-04-26 18:12:20    --------    d-----w    C:\Program Files\Hamachi
2007-04-23 17:15:58    42,720    ----a-w    C:\WINDOWS\DIIUnin.dat
2007-04-19 17:29:31    2,829    ----a-w    C:\WINDOWS\DIIUnin.pif
2007-04-19 17:29:31    106,496    ----a-w    C:\WINDOWS\DIIUnin.exe
2007-04-19 15:48:43    --------    d-----w    C:\Program Files\SlySoft
2007-04-17 16:15:05    502,368    ----a-w    C:\WINDOWS\system32\drivers\amon.sys
2007-04-17 16:15:05    274,432    ----a-w    C:\WINDOWS\system32\imon.dll
2007-04-15 16:22:28    --------    d-----w    C:\Program Files\JetAudio
2007-04-15 16:22:27    --------    d-----w    C:\Program Files\Common Files\COWON
2007-04-15 16:20:59    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\COWON
2007-04-15 14:59:26    --------    d-----w    C:\Program Files\Neat Image
2007-04-11 11:30:43    --------    d-----w    C:\DOCUME~1\Maroo\DANEAP~1\Ahead
2007-04-11 11:06:26    --------    d-----w    C:\Program Files\Liceum klasa 3 - Biologia
2007-04-11 07:13:01    --------    d-----w    C:\Program Files\Stardock
2007-04-10 11:53:33    --------    d-----w    C:\Program Files\Lavasoft
2007-04-07 16:09:32    --------    d-----w    C:\Program Files\GameSpy Arcade
2007-04-03 14:36:24    --------    d-----w    C:\Program Files\Common Files\DirectX
2007-03-25 06:46:01    50,748    ----a-w    C:\WINDOWS\system32\perfc015.dat
2007-03-25 06:46:01    358,702    ----a-w    C:\WINDOWS\system32\perfh015.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{16664845-0E00-11D2-8059-000000000000}=C:\Program Files\Common Files\ReGet Shared\Catcher.dll [2005-03-08 17:22]
{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}=C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll [2006-12-31 13:42]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=F:\BitComet\tools\BitCometBHO.dll [2007-02-04 17:24]
{4596013b-6c31-408b-a266-deae5c086dc2}=C:\Program Files\Share_Accelerator_MM\tbSha1.dll [2007-05-04 16:35]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-17 18:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [2007-02-28 14:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"="C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll" [2004-07-19 16:07]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maroo^Menu
Start^Programy^Autostart^Yahoo! Widget Engine.lnk] path=C:\Documents and Settings\Maroo\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShellToys XP Utility Manager] “C:\Program Files\CFi\ShellToys\CFiShlMan.exe” -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] “C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24] “C:\Program Files\Pasek TVN24\pasekTVN24.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost] Usnsvc usnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-06-01 15:17:01 C:\WINDOWS\tasks\1-Click Maintenance.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-02 17:32:11 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-02 17:33:09 C:\ComboFix-quarantined-files.txt … 2007-06-02 17:32 C:\ComboFix2.txt … 2007-06-01 15:58 — E O F —
Gutek
(Gutek)
2 June 2007 15:53
#6
OK now.
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the resulting file and confirm >>> reboot the PC
Registry cleanup:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can go over the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
M4ro
(Maro29c)
2 June 2007 17:03
#7
Well, I did as you said: I added that key to the registry and cleaned the registry with RegCleaner and jv16 PowerTools, but it still doesn't work, it still hangs.
Gutek
(Gutek)
2 June 2007 17:06
#8