system
(system)
3 April 2007 10:06
#1
Please check my log. For some time I have had a problem starting Yahoo Messenger. After I launch it and log in, a window pops up with a message that the program will be closed because an application error occurred. I tried uninstalling Yahoo Messenger and installing it again, but the error still occurs. Please help; thank you in advance.
Logfile of HijackThis v1.99.1
Scan saved at 12:02:29, on 2007-04-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Komputer\USTAWI~1\Temp\Rar$EX38.234\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [kis] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix-eu.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1 … gleNav.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security Home Edition 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
adam9870
(adam9870)
3 April 2007 10:12
#2
The log is clean.
Did you clean the registry after uninstalling YahooMessenger? If not, uninstall it, but clean the registry before reinstalling; description:
http://forum.dobreprogramy.pl/viewtopic … 108#427108
If the advice above does not help, however:
check whether you have any minidumps, and if so, preferably paste the contents of a few
http://forum.dobreprogramy.pl/viewtopic … 977#797977
system
(system)
3 April 2007 11:05
#3
Thank you for the reply. I followed the instructions, but the program keeps closing just as it did before :(
As you asked, I am pasting the log from Combofix.
“Komputer” - 07-04-03 12:55:30 Dodatek Service Pack 2
ComboFix 07-03-27.4.2 - Running from: “C:\Program Files\dobre programy”
((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))
2007-04-03 12:28
2007-03-21 13:36
2007-03-18 16:09
2007-03-13 02:11
2007-03-13 02:05
2007-03-08 11:10
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-03 12:55 -------- d-------- C:\Program Files\dobre programy
2007-04-03 12:19 -------- d-------- C:\Program Files\jv16 powertools
2007-03-27 07:59 80450 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-27 07:59 461164 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-19 17:18 -------- d-------- C:\Program Files\odkurzacz
2007-03-09 00:22 -------- d-------- C:\Program Files\java
2007-02-19 11:37 -------- d-------- C:\Program Files\msn messenger
2007-02-13 00:47 41 --a------ C:\WINDOWS\system32\cfeadb2_s.dll
2007-02-12 22:43 -------- d-------- C:\Program Files\kaspersky lab
2007-02-12 00:50 -------- d-------- C:\Program Files\windows installer clean up
2007-02-12 00:49 -------- d-------- C:\Program Files\msecache
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-10 01:38 545960 --a------ C:\Program Files\sgc10_pase30_rdr80_dlm_en_us.exe
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”
“msnmsgr”="“C:\Program Files\MSN Messenger\msnmsgr.exe” /background"
“Yahoo! Pager”="“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe”
“SoundMAX”="“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray"
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
“HControl”=“C:\WINDOWS\ATK0100\HControl.exe”
“TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot"
“SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”"
“QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“kis”="“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk]
“backup”=“C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h”
“item”=“Kodak EasyShare software”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk]
“path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kodak software updater.lnk”
“backup”=“C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
“item”=“Kodak software updater”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^PalStart.lnk]
“backup”=“C:\WINDOWS\pss\PalStart.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\Program Files\Paltalk Messenger\palstart.exe "
“item”=“PalStart”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Symfonia® PDF.lnk]
“backup”=“C:\WINDOWS\pss\Symfonia® PDF.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\WINDOWS\system32\PDFSaver.exe "
“item”=“Symfonia® PDF”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
“backup”=“C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\WinZip\WZQKPICK.EXE "
“item”=“WinZip Quick Pick”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Komputer^Menu Start^Programy^Autostart^OpenOffice.org 2.0.lnk]
“path”=“C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\OpenOffice.org 2.0.lnk”
“backup”=“C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup”
“location”=“Startup”
“command”=“C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE "
“item”=“OpenOffice.org 2.0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=””
“hkey”=“HKLM”
“command”=””
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“CookiePatrol”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\CookiePatrol.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“DkIcon”
“hkey”=“HKLM”
“command”=”“C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“gg”
“hkey”=“HKCU”
“command”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleDesktop”
“hkey”=“HKLM”
“command”="“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“dumprep 0 -k”
“hkey”=“HKLM”
“command”="%systemroot%\system32\dumprep 0 -k"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“msnmsgr”
“hkey”=“HKCU”
“command”="“C:\Program Files\MSN Messenger\msnmsgr.exe” /background"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Search Bar Eq]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“s4bareq”
“hkey”=“HKLM”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NeroCheck”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\system32\NeroCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“odk_mcd”
“hkey”=“HKCU”
“command”=“C:\Program Files\Odkurzacz\odk_mcd.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PPControl”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\PPControl.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PPMemCheck”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\PPMemCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“qttask”
“hkey”=“HKLM”
“command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PDVDServ”
“hkey”=“HKLM”
“command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“Skype”
“hkey”=“HKCU”
“command”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“swdoctor”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleToolbarNotifier”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“VoipDiscount”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“YahooMessenger”
“hkey”=“HKCU”
“command”="“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-03 13:01:01
adam9870
(adam9870)
3 April 2007 11:14
#4
Download the program KillBox, select Delete on reboot, and in the full path of file field paste the path:
C:\WINDOWS\system32\cfeadb2_s.dll
Click the red X and restart the computer.
Open Notepad and paste this into it:
File >>> Save as >>> change the extension from TXT to All files >>> save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Scan the system http://www.ewido.net/en/
Once that is done, you can paste a new log from Combo.
system
(system)
3 April 2007 16:29
#5
Thank you very much. Yahoo no longer closes!
I did not manage to use Ewido, because when I try to scan the system from the website, after installing the ActiveX control, the scan does not start; instead all the browser windows close and I am left with an empty desktop. But everything seems to be OK.
As you asked, I am pasting the new log from Combo. Please take a look when you have time. Thank you and best regards.
“Komputer” - 07-04-03 18:19:26 Dodatek Service Pack 2
ComboFix 07-03-27.4.2 - Running from: “C:\Program Files\dobre programy”
((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))
2007-04-03 13:22
2007-04-03 12:28
2007-03-21 13:36
2007-03-18 16:09
2007-03-13 02:11
2007-03-13 02:05
2007-03-08 11:10
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-03 18:19 -------- d-------- C:\Program Files\dobre programy
2007-04-03 12:19 -------- d-------- C:\Program Files\jv16 powertools
2007-03-27 07:59 80450 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-27 07:59 461164 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-19 17:18 -------- d-------- C:\Program Files\odkurzacz
2007-03-09 00:22 -------- d-------- C:\Program Files\java
2007-02-19 11:37 -------- d-------- C:\Program Files\msn messenger
2007-02-12 22:43 -------- d-------- C:\Program Files\kaspersky lab
2007-02-12 00:50 -------- d-------- C:\Program Files\windows installer clean up
2007-02-12 00:49 -------- d-------- C:\Program Files\msecache
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-10 01:38 545960 --a------ C:\Program Files\sgc10_pase30_rdr80_dlm_en_us.exe
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”
“msnmsgr”="“C:\Program Files\MSN Messenger\msnmsgr.exe” /background"
“Yahoo! Pager”="“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe”
“SoundMAX”="“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray"
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
“HControl”=“C:\WINDOWS\ATK0100\HControl.exe”
“TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot"
“SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”"
“QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“kis”="“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk]
“backup”=“C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h”
“item”=“Kodak EasyShare software”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk]
“path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kodak software updater.lnk”
“backup”=“C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
“item”=“Kodak software updater”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^PalStart.lnk]
“backup”=“C:\WINDOWS\pss\PalStart.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\Program Files\Paltalk Messenger\palstart.exe "
“item”=“PalStart”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Symfonia® PDF.lnk]
“backup”=“C:\WINDOWS\pss\Symfonia® PDF.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\WINDOWS\system32\PDFSaver.exe "
“item”=“Symfonia® PDF”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
“backup”=“C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\WinZip\WZQKPICK.EXE "
“item”=“WinZip Quick Pick”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Komputer^Menu Start^Programy^Autostart^OpenOffice.org 2.0.lnk]
“path”=“C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\OpenOffice.org 2.0.lnk”
“backup”=“C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup”
“location”=“Startup”
“command”=“C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE "
“item”=“OpenOffice.org 2.0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=””
“hkey”=“HKLM”
“command”=””
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“CookiePatrol”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\CookiePatrol.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“DkIcon”
“hkey”=“HKLM”
“command”=”“C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“gg”
“hkey”=“HKCU”
“command”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleDesktop”
“hkey”=“HKLM”
“command”="“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“dumprep 0 -k”
“hkey”=“HKLM”
“command”="%systemroot%\system32\dumprep 0 -k"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“msnmsgr”
“hkey”=“HKCU”
“command”="“C:\Program Files\MSN Messenger\msnmsgr.exe” /background"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NeroCheck”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\system32\NeroCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“odk_mcd”
“hkey”=“HKCU”
“command”=“C:\Program Files\Odkurzacz\odk_mcd.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PPControl”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\PPControl.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PPMemCheck”
“hkey”=“HKLM”
“command”=“c:\PROGRA~1\PESTPA~1\PPMemCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“qttask”
“hkey”=“HKLM”
“command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“PDVDServ”
“hkey”=“HKLM”
“command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“Skype”
“hkey”=“HKCU”
“command”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“swdoctor”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleToolbarNotifier”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“VoipDiscount”
“hkey”=“HKCU”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“YahooMessenger”
“hkey”=“HKCU”
“command”="“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-03 18:26:12
C:\ComboFix2.txt … 07-04-03 13:01
adam9870
(adam9870)
3 April 2007 18:27
#6
The log is fine.
You can manually delete the folder with KillBox's backups -> C:\!KillBox
system
(system)
3 April 2007 21:12
#7
Once again, thank you very much for your help, and best regards. /Jola