Prośba o ocenę sytuacji

system · 29 Lipiec 2008 17:22

Witam specjalistów w/w tematu.

Mam w autostarcie (m.inn) wpis z jakimś nieznanego pochodzenia programem “ATKOSD2.exe” . Nie potrafiono mi odpowiedzieć , co to, do czego służy i po co tam jest - ale doradzono umieszczenie tutaj wpisów z Hijack-a.

Jestem całkiem “świeżym” użytkownikiem Visty - proszę więc też o ogółną ocenę tego wpisu.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:27:03, on 2008-07-29

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ASScrPro.exe

C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

C:\Program Files\DS Clock\dsclock.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA AntiVirus\Webfilter\AvkWebIE.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRAMY\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRAMY\getflash.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA AntiVirus\Webfilter\AvkWebIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM…\Run: [skytel] Skytel.exe

O4 - HKLM…\Run: [ATKOSD2] “C:\Program Files\ATKOSD2\ATKOSD2.exe”

O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM…\Run: [AVKTray] “C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe”

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [diagnostics] “C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe” /icon -l:pl

O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU…\Run: [DS Clock] “C:\Program Files\DS Clock\DSClock.exe”

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-21-1076552390-1637884023-1310680683-1001…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘Dagmara’)

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - D:\PROGRAMY\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - D:\PROGRAMY\jc_all.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAMY\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAMY\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip…{E6FB4C81-2A60-4BAF-9017-0FCCC5FCD56D}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe

O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe

O23 - Service: DS Clock Synchronization Service http://www.dualitysoft.com (DSClockSyncTime) - Duality Software - C:\Program Files\DS Clock\dsetime.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe

–

End of file - 8041 bytes

huber2t · 29 Lipiec 2008 17:26

fix w hijackthis

Podaj log z Combofix

system · 29 Lipiec 2008 19:04

Trochę to trwało , a efekt jest taki:

ComboFix 08-07-28.6 - Jack 2008-07-29 20:29:24.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1215 [GMT 2:00]

Running from: D:\Ściągnięte z sieci\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))

.

2008-07-29 18:26 . 2008-07-29 18:26

2008-07-29 13:02 . 2008-07-29 13:02

2008-07-28 23:58 . 2008-07-28 23:58

2008-07-28 23:55 . 2008-07-28 23:55 28,029 --a------ C:\Users\Dagmara\AppData\Roaming\nvModes.dat

2008-07-28 21:37 . 2008-07-28 21:37

2008-07-28 20:31 . 2008-07-28 20:31

2008-07-28 20:30 . 2008-07-28 20:30

2008-07-28 20:28 . 2008-07-28 20:31

2008-07-28 20:28 . 2006-11-02 14:37

2008-07-28 20:28 . 2008-07-28 20:31

2008-07-28 18:14 . 2008-07-28 18:44

2008-07-28 18:11 . 2008-07-28 18:11

2008-07-28 18:10 . 2008-07-28 18:10

2008-07-28 17:18 . 2008-07-28 17:19

2008-07-28 17:18 . 2008-07-28 17:18

2008-07-28 16:56 . 2008-07-28 16:56

2008-07-28 00:48 . 2008-07-28 00:48

2008-07-27 23:28 . 2008-07-27 23:43 24 --a------ C:\Windows\ATKPF.ini

2008-07-27 14:51 . 2008-07-28 18:30

2008-07-27 14:51 . 2008-07-27 14:51 46,536 --a------ C:\Windows\System32\drivers\MiniIcpt.sys

2008-07-27 14:51 . 2008-07-27 14:51 41,928 --a------ C:\Windows\System32\drivers\GDTdiIcpt.sys

2008-07-27 14:51 . 2008-04-15 03:22 39,880 --a------ C:\Windows\System32\drivers\gdwfpcd32.sys

2008-07-27 14:51 . 2008-07-27 14:51 32,200 --a------ C:\Windows\System32\drivers\HookCentre.sys

2008-07-27 14:50 . 2008-07-27 14:51

2008-07-27 11:45 . 2008-07-27 11:45

2008-07-27 11:44 . 2008-07-27 11:44

2008-07-27 11:43 . 2008-07-27 11:43

2008-07-26 21:57 . 2008-07-26 21:57

2008-07-26 11:08 . 2008-07-26 11:08

2008-07-26 09:45 . 2008-07-26 11:27

2008-07-26 09:45 . 2008-07-26 09:45

2008-07-26 09:00 . 2008-07-26 09:00

2008-07-26 09:00 . 2008-07-26 09:00 23 --a------ C:\Windows\System32\abff4_z.ocx

2008-07-26 00:13 . 2008-07-26 00:13

2008-07-25 22:18 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers~GLH0014.TMP

2008-07-25 22:17 . 2008-07-27 22:54

2008-07-25 21:58 . 2008-07-25 21:58

2008-07-25 21:58 . 2008-07-28 16:56

2008-07-25 21:53 . 2008-07-25 21:53

2008-07-25 21:31 . 2008-07-25 21:31

2008-07-25 21:31 . 2008-07-25 21:32

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\UC.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\RAR.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\PKZIP.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\PKUNZIP.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\NOCLOSE.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\LHA.PIF

2008-07-25 21:31 . 2008-04-22 07:03 545 --a------ C:\Windows\ARJ.PIF

2008-07-25 21:24 . 2008-07-25 21:24

2008-07-25 21:10 . 2008-07-26 00:07

2008-07-25 21:10 . 2008-07-25 21:10

2008-07-25 21:10 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll

2008-07-25 20:46 . 2008-07-25 20:46

2008-07-25 20:18 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-07-25 20:18 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-07-25 20:18 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-07-25 20:18 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-07-25 20:16 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-07-25 20:16 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll

2008-07-25 20:15 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-25 20:15 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-25 20:14 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-25 20:13 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-25 20:13 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-07-25 20:03 . 2008-07-25 20:03

2008-07-25 20:03 . 2008-07-25 20:03 32,000 --a------ C:\Windows\System32\drivers\stppp.sys

2008-07-25 20:03 . 2008-07-25 20:03 30,464 --a------ C:\Windows\System32\drivers\st330.sys

2008-07-25 20:03 . 2008-07-25 20:03 16,128 --a------ C:\Windows\System32\drivers\lpwdm.sys

2008-07-25 20:03 . 2008-07-25 20:03 12,672 --a------ C:\Windows\System32\drivers\stbus.sys

2008-07-25 19:55 . 2008-07-25 19:56

2008-07-25 18:15 . 2008-07-25 18:15 0 --a------ C:\Windows\System32\drivers\1043_ASUSTeK_F3Sg.alu

2008-07-25 18:05 . 2008-07-25 18:05

2008-07-25 18:05 . 2008-07-28 20:31

2008-07-25 18:04 . 2008-07-25 18:04

2008-07-25 18:04 . 2008-07-26 13:06

2008-07-25 18:02 . 2008-07-25 18:02

2008-07-25 17:59 . 2008-07-25 18:04

2008-07-25 17:59 . 2008-07-27 23:29

2008-07-25 17:59 . 2008-07-25 18:04

2008-07-25 17:59 . 2008-07-28 12:54

2008-07-25 17:59 . 2008-07-25 18:04

2008-07-25 17:59 . 2008-07-28 18:43

2008-07-25 17:59 . 2006-11-02 14:37

2008-07-25 17:59 . 2008-07-25 18:02

2008-07-25 17:59 . 2008-07-25 22:18

2008-07-25 17:53 . 2008-07-25 17:53

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-28 22:09 45,056 ----a-w C:\Windows\System32\acovcnt.exe

2008-07-27 22:56 --------- d-----w C:\ProgramData\Microsoft Help

2008-07-27 21:29 --------- d-----w C:\ProgramData\ASUS

2008-07-27 12:49 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-27 09:44 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-25 18:25 --------- d-----w C:\Program Files\Windows Mail

2008-06-10 17:05 606,848 ----a-w C:\Windows\flashax.exe

2008-06-10 17:05 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr

2008-06-10 17:05 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe

2008-06-10 17:05 37,232 ----a-w C:\Windows\ASScrProlog.exe

2008-06-10 17:05 33,136 ----a-w C:\Windows\ASScrPro.exe

2008-06-10 17:05 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe

2008-06-10 17:05 12,288 ----a-w C:\Windows\impborl.dll

2008-06-10 17:01 --------- d-----w C:\ProgramData\NVIDIA

2008-06-10 16:56 --------- d-----w C:\Program Files\CSR

2008-06-10 16:54 0 —ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-06-10 16:54 --------- d-----w C:\Program Files\ASUS

2008-06-10 16:53 --------- d-----w C:\Program Files\Synaptics

2008-06-10 16:51 --------- d-----w C:\ProgramData\P4G

2008-06-10 16:51 --------- d-----w C:\Program Files\Power4Gear eXtreme

2008-06-10 16:51 --------- d-----w C:\Program Files\P4G

2008-06-10 16:51 --------- d-----w C:\Program Files\MainConcept

2008-06-10 16:41 --------- d-----w C:\Program Files\Wireless Console 2

2008-06-10 16:33 --------- d-----w C:\Program Files\ATKOSD2

2008-06-10 16:32 --------- d-----w C:\Program Files\ATKGFNEX

2008-06-10 16:32 --------- d-----w C:\Program Files\ATK Hotkey

2008-06-10 16:29 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-06-10 16:29 315,392 ----a-w C:\Windows\HideWin.exe

2008-06-10 16:29 --------- d-----w C:\Program Files\Realtek

2008-06-10 16:18 --------- d-----w C:\Program Files\Intel

2008-06-10 16:03 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-06-10 16:02 --------- d-----w C:\Program Files\CyberLink

2008-06-10 15:57 --------- d-----w C:\ProgramData{623D32E9-0C62-4453-AD44-98B31F52A5E1}

2008-06-10 15:57 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

2008-06-10 15:55 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-10 15:55 --------- d-----w C:\Program Files\Microsoft Works

2008-06-10 15:48 --------- d-----w C:\Program Files\Motorola

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-07-29_20.06.12.08 )))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 13:13:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2008-07-29 18:20:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2008-07-29 13:13:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2008-07-29 18:20:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2008-07-29 13:13:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

2008-07-29 18:20:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-07-29 18:20:37 262,144 —ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

2008-07-29 16:11:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

2008-07-29 18:22:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-07-29 18:22:24 262,144 —ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

2008-07-29 17:38:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-29 18:23:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-29 17:38:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-29 18:23:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-29 17:38:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-07-29 18:23:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-07-29 13:18:31 101,250 ----a-w C:\Windows\System32\perfc009.dat

2008-07-29 18:27:48 101,250 ----a-w C:\Windows\System32\perfc009.dat

2008-07-29 13:18:31 126,908 ----a-w C:\Windows\System32\perfc015.dat

2008-07-29 18:27:48 126,908 ----a-w C:\Windows\System32\perfc015.dat

2008-07-29 13:18:31 587,178 ----a-w C:\Windows\System32\perfh009.dat

2008-07-29 18:27:48 587,178 ----a-w C:\Windows\System32\perfh009.dat

2008-07-29 13:18:31 662,056 ----a-w C:\Windows\System32\perfh015.dat

2008-07-29 18:27:48 662,056 ----a-w C:\Windows\System32\perfh015.dat

2008-07-29 13:15:52 4,906 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1076552390-1637884023-1310680683-1000_UserData.bin

2008-07-29 18:23:05 4,914 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1076552390-1637884023-1310680683-1000_UserData.bin

2008-07-29 13:15:51 84,114 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

2008-07-29 18:23:05 84,138 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 02:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DS Clock”=“C:\Program Files\DS Clock\DSClock.exe” [2008-06-20 21:49 577606]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2008-03-03 14:44 266240]

“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2008-01-21 04:25 125952]

“WindowsWelcomeCenter”=“oobefldr.dll” [2008-01-21 04:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2007-12-05 12:17 86016]

“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2007-12-05 12:17 8534560]

“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2007-12-05 12:17 81920]

“ATKOSD2”=“C:\Program Files\ATKOSD2\ATKOSD2.exe” [2007-10-18 04:04 7737344]

“ATKMEDIA”=“C:\Program Files\ASUS\ATK Media\DMEDIA.EXE” [2006-11-02 17:27 61440]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-12-06 12:12 1029416]

“ASUS Screen Saver Protector”=“C:\Windows\ASScrPro.exe” [2008-06-10 19:05 33136]

“ASUS Camera ScreenSaver”=“C:\Windows\ASScrProlog.exe” [2008-06-10 19:05 37232]

“AVKTray”=“C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe” [2008-03-04 10:23 603720]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2007-08-28 05:48 655360]

“diagnostics”=“C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe” [2008-07-25 20:03 557149]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-09-03 12:39 4702208 C:\Windows\RtHDVCpl.exe]

“Skytel”=“Skytel.exe” [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3codecp”= l3codecp.acm

“msacm.clmp3enc”= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

–a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

–a------ 2008-03-18 02:59 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“{6E9CEF07-9D3B-4039-8F3A-09E2EE3C1ECF}”= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

“{8B793668-57ED-44EF-BE61-C03E746432AE}”= UDP:C:\SPEED TOUCH\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard

“{92248D9B-8607-40FF-8F39-DDDF0182055F}”= TCP:C:\SPEED TOUCH\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard

“{84FA3B67-9673-4FBB-BFD1-1A1B5495B13D}”= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service

“{B4AAE942-8E50-4231-B098-31DB49D8817C}”= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service

“TCP Query User{28C8397C-C825-4A4D-B192-CF013364F58B}D:\programy\flashget.exe”= UDP:D:\programy\flashget.exe:FlashGet

“UDP Query User{7C951025-C2EF-421E-ADF3-1B2107116676}D:\programy\flashget.exe”= TCP:D:\programy\flashget.exe:FlashGet

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-27 00:03]

R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\DRIVERS\gdwfpcd32.sys [2008-04-15 03:22]

R2 AVKProxy;G DATA AntiVirus Proxy;C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2008-02-19 11:45]

R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe [2008-02-07 05:26]

R2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe [2008-02-05 12:26]

R2 DSClockSyncTime;DS Clock Synchronization Service http://www.dualitysoft.com;C:\Program Files\DS Clock\dsetime.exe [2008-06-20 20:06]

R2 GDTdiInterceptor;GDTdiInterceptor;C:\Windows\system32\drivers\GDTdiIcpt.sys [2008-07-27 14:51]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 13:55]

R3 GDMnIcpt;GDMnIcpt;C:\Windows\system32\drivers\MiniIcpt.sys [2008-07-27 14:51]

R3 HookCentre;HookCentre;C:\Windows\system32\drivers\HookCentre.sys [2008-07-27 14:51]

R3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2008-07-25 20:03]

R3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2008-07-25 20:03]

R3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2008-07-25 20:03]

S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-04-23 13:56]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/

O8 -: &Ściągnij przy pomocy FlashGet’a - D:\PROGRAMY\jc_link.htm

O8 -: &Ściągnij wszystko przy pomocy FlashGet’a - D:\PROGRAMY\jc_all.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface{E6FB4C81-2A60-4BAF-9017-0FCCC5FCD56D}: NameServer = 194.204.159.1 217.98.63.164

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 20:47:07

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

C:\ADSM_PData_0150

scan completed successfully

hidden files: 1

**************************************************************************

.

Completion time: 2008-07-29 20:48:27

ComboFix-quarantined-files.txt 2008-07-29 18:48:22

ComboFix2.txt 2008-07-29 18:06:51

Pre-Run: 50,071,146,496 bajtów wolnych

Post-Run: 50,043,334,656 bajtów wolnych

307 — E O F — 2008-07-27 22:56:34

Leon1 · 29 Lipiec 2008 19:42

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

system · 29 Lipiec 2008 20:04

Dziękuję za odpowiedź.

U mnie nie ma : C: \Qoobox !

Combofix można w całości usunąć ręcznie ? Cały katalog? Nie ma tego na liście dodaj/usuń programy …

Leon1 · 29 Lipiec 2008 20:50

Tak usunąć ręcznie

system · 29 Lipiec 2008 21:15

To 33 mb.! Także pliki reg., systemowe… Vista nie ucierpi na takiej operacji ?

Leon1 · 29 Lipiec 2008 21:31

Przecież używałeś Combofixa więc go teraz usuń

włącz wyszukiwarkę i wpisz Qoobox niech przeszuka

system · 29 Lipiec 2008 21:54

O`k.Combo… usunąłem.

Ale tego Qoobox-a to wyszukiwarka nie znalazła

A wracając do początkowego pytania - czy program z autostartu ATKOSD2.exe “coś komuś mówi” ? Czy wiadomo co to jest ?

Leon1 · 29 Lipiec 2008 22:18

http://support.asus.com/faq/faq.aspx?no=C66EB14B-C877-D30D-54EA-E3B4B4FA9FDD&SLanguage=pl-pl

system · 29 Lipiec 2008 22:46

O

Jesteś WIELKI …

A miałbyś pomysł ,jak pozbyć się “asus liveupdate” z autostartu ?

Pozdrawiam serdecznie.

asterisk · 29 Lipiec 2008 22:56

Proszę zastosować się do tego Tematu i edytować własnego posta

w celu zmiany jego tytułu na konkretny .

W przeciwnym razie topic wyląduje w Śmietniku.

Na przyszłość - logi wklejamy na stronę wklejto.pl.

Tutaj linkujemy do wklejonego loga