Proszę o sprawdzenie loga

szejk · 28 Lipiec 2007 09:37

Proszę o sprawdzenie loga długo uruchamia się system avast znalazł trojny nie mogę otworzyć dysków ze skrótów błąd copy.exe

Logfile of HijackThis v1.99.1 Scan saved at 11:36:54, on 2007-07-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\system32\devldr32.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Włodek\Pulpit\serwis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKCU…\Run: [Odkurzacz-QC] C:\Program Files\Odkurzacz\odk_qc.exe O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O17 - HKLM\System\CCS\Services\Tcpip…{BADED41A-5F24-42EC-9419-AF3AFBB22C4E}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

adam9870 · 28 Lipiec 2007 11:24

Wpisz w okienko Uruchom polecenie regsvr32 /i shell32.dll i kliknij OK.

Usuń powyżej przedstawiony wpis korzystając z HijackThis.

Wklej log z ComboFix.

szejk · 28 Lipiec 2007 12:47

“Wodek” - 2007-07-28 14:43:42 BĄd CScript: Dost©p do Hosta skrypt˘w systemu Windows jest wyĄczony na tym komputerze. Skontaktuj si© z administratorem, aby uzyska† szczeg˘owe informacje. - ComboFix 07-07-24 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) c:\autorun.inf C:\WINDOWS\autorun.inf d:\autorun.inf ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 ))))))))))))))))))))))))))))))) 2007-07-25 20:02 2007-07-25 20:02 2007-07-25 15:36 2007-07-24 16:40 2007-07-24 16:40 2007-07-24 16:40 2007-07-23 15:39 9,728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\magicpvt.dll 2007-07-23 15:39 61,440 --a------ C:\WINDOWS\system32\mpvthook.dll 2007-07-23 15:39 32 --a------ C:\WINDOWS\system32\driver.dat 2007-07-23 15:39 16 --a------ C:\WINDOWS\system32\magicpvt.dat 2007-07-23 15:39 2007-07-23 15:37 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll 2007-07-23 15:37 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll 2007-07-23 15:37 13,396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys 2007-07-23 15:36 65,536 --a------ C:\WINDOWS\system32\Gif89.dll 2007-07-23 15:36 2007-07-21 17:30 2007-07-15 12:06 299,520 --a------ C:\WINDOWS\uninst.exe 2007-07-08 17:15 2007-07-08 17:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-07-08 17:10 249,856 --------- C:\WINDOWS\Setup1.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-28 09:31:04 -------- d-----w C:\Program Files\CCleaner 2007-07-28 09:25:56 -------- d-----w C:\Program Files\Neostrada TP 2007-07-27 14:03:58 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\Skype 2007-07-23 13:39:11 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-20 14:25:28 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-07-10 08:47:20 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\IDM 2007-06-19 11:11:56 26 ----a-w C:\WINDOWS\popcinfo.dat 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe 2007-06-14 19:17:40 -------- d-----w C:\Program Files\Odkurzacz 2007-06-14 17:05:54 1,852 ----a-w C:\WINDOWS\system32\tmp.reg 2007-06-12 07:42:03 86,532 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-12 07:42:03 475,508 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-07 19:10:48 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-11 04:37:16 740,442 ----a-w C:\WINDOWS\system32\divx.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-05-02 18:04:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:02:08 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-04-18 17:21:36 16,368 ----a-w C:\DOCUME~1\WODEK~1\DANEAP~1\GDIPFONTCACHEV1.DAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 20:07] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 20:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [2003-10-16 20:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-QC”=“C:\Program Files\Odkurzacz\odk_qc.exe” [2007-05-03 10:01] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “WUAppSetup”=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoSharedDocuments”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) “NoSaveSettings”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6cba0fc6-e83d-11db-b504-000e504a3629}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7458293a-e922-11db-b506-000e504a3629}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-28 14:44:26 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] “DisplayName”=“Alcohol 120” [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,76,0a,00,00,01,00,00,00,1c,00,00,00,42,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\BANK] “Order”=hex:08,00,00,00,02,00,00,00,ac,01,00,00,01,00,00,00,05,00,00,00,52,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\POCZTA] “Order”=hex:08,00,00,00,02,00,00,00,22,04,00,00,01,00,00,00,0b,00,00,00,64,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-28 14:45:06 C:\ComboFix-quarantined-files.txt … 2007-07-28 14:44 C:\ComboFix2.txt … 2007-07-24 16:39 C:\ComboFix3.txt … 2007-07-24 14:14 — E O F —

jessica · 28 Lipiec 2007 12:58

Twój pendrive jest zainfekowany.

W tej chwili ComboFix usunął infekcję z dysku, ale…

Infekcja będzie wracać na dysk systemowy po każdym użyciu pendrive.

Na razie zrób to:

Do Notatnika wklej:

Windows Registry Editor Version 5.00


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cba0fc6-e83d-11db-b504-000e504a3629}] 


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7458293a-e922-11db-b506-000e504a3629}]

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>>

plik uruchom (dwuklik i OK).

Zrestartuj komputer.

Daj nowy log z Combo.

.

szejk · 28 Lipiec 2007 13:16

“Wodek” - 2007-07-28 15:12:46 BĄd CScript: Dost©p do Hosta skrypt˘w systemu Windows jest wyĄczony na tym komputerze. Skontaktuj si© z administratorem, aby uzyska† szczeg˘owe informacje. - ComboFix 07-07-24 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 ))))))))))))))))))))))))))))))) 2007-07-25 20:02 2007-07-25 20:02 2007-07-25 15:36 2007-07-24 16:40 2007-07-24 16:40 2007-07-24 16:40 2007-07-23 15:39 9,728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\magicpvt.dll 2007-07-23 15:39 61,440 --a------ C:\WINDOWS\system32\mpvthook.dll 2007-07-23 15:39 32 --a------ C:\WINDOWS\system32\driver.dat 2007-07-23 15:39 16 --a------ C:\WINDOWS\system32\magicpvt.dat 2007-07-23 15:39 2007-07-23 15:37 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll 2007-07-23 15:37 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll 2007-07-23 15:37 13,396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys 2007-07-23 15:36 65,536 --a------ C:\WINDOWS\system32\Gif89.dll 2007-07-23 15:36 2007-07-21 17:30 2007-07-15 12:06 299,520 --a------ C:\WINDOWS\uninst.exe 2007-07-08 17:15 2007-07-08 17:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-07-08 17:10 249,856 --------- C:\WINDOWS\Setup1.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-28 09:31:04 -------- d-----w C:\Program Files\CCleaner 2007-07-28 09:25:56 -------- d-----w C:\Program Files\Neostrada TP 2007-07-27 14:03:58 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\Skype 2007-07-23 13:39:11 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-20 14:25:28 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-07-10 08:47:20 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\IDM 2007-06-19 11:11:56 26 ----a-w C:\WINDOWS\popcinfo.dat 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe 2007-06-14 19:17:40 -------- d-----w C:\Program Files\Odkurzacz 2007-06-14 17:05:54 1,852 ----a-w C:\WINDOWS\system32\tmp.reg 2007-06-12 07:42:03 86,532 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-12 07:42:03 475,508 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-07 19:10:48 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-11 04:37:16 740,442 ----a-w C:\WINDOWS\system32\divx.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-05-02 18:04:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:02:08 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-04-18 17:21:36 16,368 ----a-w C:\DOCUME~1\WODEK~1\DANEAP~1\GDIPFONTCACHEV1.DAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 20:07] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 20:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [2003-10-16 20:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-QC”=“C:\Program Files\Odkurzacz\odk_qc.exe” [2007-05-03 10:01] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “WUAppSetup”=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoSharedDocuments”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) “NoSaveSettings”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6cba0fc6-e83d-11db-b504-000e504a3629}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7458293a-e922-11db-b506-000e504a3629}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-28 15:13:39 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] “DisplayName”=“Alcohol 120” [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,76,0a,00,00,01,00,00,00,1c,00,00,00,42,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\BANK] “Order”=hex:08,00,00,00,02,00,00,00,ac,01,00,00,01,00,00,00,05,00,00,00,52,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\POCZTA] “Order”=hex:08,00,00,00,02,00,00,00,22,04,00,00,01,00,00,00,0b,00,00,00,64,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-28 15:14:16 C:\ComboFix-quarantined-files.txt … 2007-07-28 15:14 C:\ComboFix2.txt … 2007-07-28 14:45 C:\ComboFix3.txt … 2007-07-24 16:39 — E O F —

jessica · 28 Lipiec 2007 13:29

Ten klucz dalej jest, więc spróbuj jeszcze raz powtórzyć to z poprzedniego mojego postu.

Jeśli znów się nie uda, to zajmij się tym ręcznie:

>> - tak będę oznaczała: “kliknij”

(+) - tak będę oznaczała: “kliknij w znak plusa”

>>START>>URUCHOM>>wybierz (lub wpisz) REGEDIT>>OK

>>(+)HKEY_CURRENT_USER>>(+)software>>(+)microsoft>>(+)windows>>(+)currentversion>>(+)explorer>>(+)mountpoints2>

>zaznacz “{6cba0fc6-e83d-11db-b504-000e504a3629}”>>prawoklik>>usuń

>zaznacz “{7458293a-e922-11db-b506-000e504a3629}”>>prawoklik>>usuń

Daj nowy log z ComboFix.

.

szejk · 28 Lipiec 2007 13:41

“Wodek” - 2007-07-28 15:38:06 BĄd CScript: Dost©p do Hosta skrypt˘w systemu Windows jest wyĄczony na tym komputerze. Skontaktuj si© z administratorem, aby uzyska† szczeg˘owe informacje. - ComboFix 07-07-24 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 ))))))))))))))))))))))))))))))) 2007-07-25 20:02 2007-07-25 20:02 2007-07-25 15:36 2007-07-24 16:40 2007-07-24 16:40 2007-07-24 16:40 2007-07-23 15:39 9,728 -ra------ C:\WINDOWS\system32\drivers\magicpvt.sys 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\sam_nv4_disp.dll 2007-07-23 15:39 79,360 --a------ C:\WINDOWS\system32\magicpvt.dll 2007-07-23 15:39 61,440 --a------ C:\WINDOWS\system32\mpvthook.dll 2007-07-23 15:39 32 --a------ C:\WINDOWS\system32\driver.dat 2007-07-23 15:39 16 --a------ C:\WINDOWS\system32\magicpvt.dat 2007-07-23 15:39 2007-07-23 15:37 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll 2007-07-23 15:37 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll 2007-07-23 15:37 13,396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys 2007-07-23 15:36 65,536 --a------ C:\WINDOWS\system32\Gif89.dll 2007-07-23 15:36 2007-07-21 17:30 2007-07-15 12:06 299,520 --a------ C:\WINDOWS\uninst.exe 2007-07-08 17:15 2007-07-08 17:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-07-08 17:10 249,856 --------- C:\WINDOWS\Setup1.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-28 13:14:40 -------- d-----w C:\Program Files\Neostrada TP 2007-07-28 09:31:04 -------- d-----w C:\Program Files\CCleaner 2007-07-27 14:03:58 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\Skype 2007-07-23 13:39:11 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-20 14:25:28 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-07-10 08:47:20 -------- d-----w C:\DOCUME~1\WODEK~1\DANEAP~1\IDM 2007-06-19 11:11:56 26 ----a-w C:\WINDOWS\popcinfo.dat 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe 2007-06-14 19:17:40 -------- d-----w C:\Program Files\Odkurzacz 2007-06-14 17:05:54 1,852 ----a-w C:\WINDOWS\system32\tmp.reg 2007-06-12 07:42:03 86,532 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-12 07:42:03 475,508 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-07 19:10:48 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-11 04:37:16 740,442 ----a-w C:\WINDOWS\system32\divx.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-05-02 18:04:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:02:08 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-04-18 17:21:36 16,368 ----a-w C:\DOCUME~1\WODEK~1\DANEAP~1\GDIPFONTCACHEV1.DAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 20:07] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 20:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [2003-10-16 20:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-QC”=“C:\Program Files\Odkurzacz\odk_qc.exe” [2007-05-03 10:01] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “WUAppSetup”=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoSharedDocuments”=1 (0x1) “ClearRecentDocsOnExit”=1 (0x1) “NoSaveSettings”=0 (0x0) ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-28 15:38:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] “DisplayName”=“Alcohol 120” [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,76,0a,00,00,01,00,00,00,1c,00,00,00,42,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\BANK] “Order”=hex:08,00,00,00,02,00,00,00,ac,01,00,00,01,00,00,00,05,00,00,00,52,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c\POCZTA] “Order”=hex:08,00,00,00,02,00,00,00,22,04,00,00,01,00,00,00,0b,00,00,00,64,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-28 15:39:14 C:\ComboFix-quarantined-files.txt … 2007-07-28 15:38 C:\ComboFix2.txt … 2007-07-28 15:14 C:\ComboFix3.txt … 2007-07-28 14:45 — E O F —

jessica · 28 Lipiec 2007 13:49

Tak, teraz jest OK!

Oczywiście tylko do następnego użycia pendrive.

Wg mnie najlepiej byłoby sformatować pena - ale to tylko takie moje osobiste zdanie.

Może ktoś ma lepszy pomysł…

szejk · 28 Lipiec 2007 13:58

Dzięki ale jest następny problem otóż po restarcie: start systemu długo trwa, napis “zapraszamy” ok 20 sek a ikonki na pulpicie uruchamiają sie po 35 sek.

adam9870 · 28 Lipiec 2007 16:35

Proponuję usunąć aplikację dostępową neostrady, a połączenie skonfigurować ręcznie: http://forum.dobreprogramy.pl/viewtopic.php?t=91864

Przeskanuj system programem Odkurzacz i usuń wszystko, co zostanie znalezione.

Dodatkowo przejrzyj XP - Optymalizacja, odchudzanie dla trochę bardziej zaawansowanych. Lub Optymalizacja i odchudzanie Windowsa XP dla trochę mniej zaawansowanych.