Spowolnianie pracy koputera, migający ekran

daniel123456 · 27 Marzec 2007 12:14

Pousunięciu zgodnie z wskazówkami usunąłem wirus, pózniej przeskanowałem przez skaner panda online i niby unieszkodliwil mi te wirusy ale on znowu są aktywne, spowalniają kompa prze startowaniu i przy uruchamianiu programów, a dzisiaj jeszcze monitor zaczął się trzęść. przesyłam logo za Hijack prosze o pomoc jak sie ich pozbyć

Logfile of HijackThis v1.99.1 Scan saved at 14:04:42, on 2007-03-27 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe D:\WINAP\Winamp\winamp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Documents and Settings\koles\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\System32\cscentfy.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_pl_4.0.1601-big.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_pl_4.0.1601-big.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21f4facbcac … xIE601.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar1.google.com/data/pl/big/ … gleNav.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip…{58352F29-ED52-4AA5-93E4-A4A20222E9F2}: NameServer = 194.204.152.34 217.98.63.164 O20 - AppInit_DLLs: O20 - Winlogon Notify: xartcd5 - xartcd5.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

skaner avast wykrył niby i usonął jakiegoś robaka ale nic nie pomogło

JNJN · 27 Marzec 2007 13:07

Proszę zmienić temat postu na konkretny i używać polskich znaków,opcja zmień i popraw.JNJN

adam9870 · 27 Marzec 2007 13:20

Usuń wpisy HJT i pokaż log z ComboFix.

daniel123456 · 27 Marzec 2007 21:29

“koles” - 07-03-27 23:21:58 Dodatek Service Pack. 1 ComboFix 07-03-27.4 - Running from: “C:\Documents and Settings\koles\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\pfxzmtaim.dll C:\WINDOWS\system32\pfxzmtforum.dll C:\WINDOWS\system32\pfxzmtgtal.dll C:\WINDOWS\system32\pfxzmticq.dll C:\WINDOWS\system32\pfxzmtsmt.dll C:\WINDOWS\system32\pfxzmtsmtspm.dll C:\WINDOWS\system32\pfxzmtwbmail.dll C:\WINDOWS\system32\pfxzmtymsg.dll C:\WINDOWS\system32\sfxzmtforum.dll C:\WINDOWS\system32\sfxzmtsmt.dll C:\WINDOWS\system32\sfxzmtsmtspm.dll C:\WINDOWS\system32\sfxzmtwbmail.dll C:\WINDOWS\system32\pp.exe.exe C:\WINDOWS\system32\zu.exe.exe C:\WINDOWS\pp.exe ((((((((((((((((((((((((((((((( Files Created from 2007-02-27 to 2007-03-27 )))))))))))))))))))))))))))))))))) 2007-03-23 20:52 2007-03-23 20:52 2007-03-23 20:45 2007-03-23 20:45 2007-03-23 19:44 2007-03-23 00:44 2007-03-22 23:23 2007-03-22 23:21 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-03-22 23:21 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-03-22 23:21 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-03-22 23:21 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-03-22 23:21 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-03-22 23:21 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-03-22 23:21 2007-03-22 17:13 2007-03-22 17:13 2007-03-22 13:57 2007-03-21 23:43 1,289 --a------ C:\WINDOWS\mozver.dat 2007-03-21 11:42 2007-03-21 10:17 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 09:16 0 --a------ C:\WINDOWS\nsreg.dat 2007-03-21 09:16 2007-03-21 09:11 2007-03-21 09:11 2007-03-21 09:11 2007-03-21 09:10 2007-03-19 22:05 5 --a------ C:\WINDOWS\system32\fontqxet.dll 2007-03-19 22:02 8 --a------ C:\WINDOWS\system32\sdfinacs.dll 2007-03-19 22:02 13 --a------ C:\WINDOWS\system32\rasqervy.dll 2007-03-19 21:55 8,704 --a------ C:\WINDOWS\system32\sporder.dll 2007-03-19 21:55 115 --a------ C:\WINDOWS\system32\wuasirvy.dll 2007-03-16 10:56 72,496 --a------ C:\WINDOWS\system32\drivers\khips.sys 2007-03-16 10:56 302,000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys 2007-03-10 15:55 52,736 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2007-03-10 15:55 365,704 --a------ C:\WINDOWS\system32\msscp.dll 2007-03-10 15:55 27,136 --a------ C:\WINDOWS\system32\wmdmlog.dll 2007-03-10 15:55 246,272 --a------ C:\WINDOWS\system32\mswmdm.dll 2007-03-10 15:55 23,552 --a------ C:\WINDOWS\system32\wmdmps.dll 2007-03-10 15:55 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll 2007-03-10 15:55 208,896 --a------ C:\WINDOWS\system32\wmpns.dll 2007-03-10 15:55 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll 2007-03-10 15:55 20,480 --a------ C:\WINDOWS\system32\wmpui.dll 2007-03-10 15:55 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll 2007-03-10 15:55 159,232 --a------ C:\WINDOWS\system32\CEWMDM.dll 2007-03-10 15:55 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll 2007-03-09 22:29 2007-03-09 22:27 2007-03-09 22:27 2007-03-09 20:52 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-03-07 10:30 2007-03-05 18:08 2007-03-05 15:39 2007-03-05 15:38 2007-02-27 15:11 2007-02-27 15:10 2007-02-27 15:10 2007-02-27 15:10 2007-02-27 15:10 2007-02-27 15:09 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-27 22:54 -------- d-------- C:\Program Files\neostrada tp 2007-03-25 09:30 99908 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-25 09:30 520484 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-23 16:17 -------- d-------- C:\Program Files\Common Files\lightscribe 2007-03-23 03:36 -------- d–h----- C:\Program Files\windowsupdate 2007-03-23 03:04 -------- d-------- C:\Program Files\quicktime 2007-03-23 03:01 -------- d-------- C:\Program Files\movie maker 2007-03-23 01:19 -------- d-------- C:\Program Files\reg organizer 2.5 full 2007-03-22 14:03 -------- d-------- C:\Program Files\java 2007-03-21 21:49 -------- d-------- C:\Program Files\subedit-player 2007-03-21 10:12 382 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb1942.dat 2007-03-21 09:57 177152 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb4827.dat 2007-03-21 09:57 151 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb9186.dat 2007-03-21 09:57 13046 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb5436.dat 2007-03-21 09:57 0 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb4604.dat 2007-03-20 16:07 -------- d-------- C:\DOCUME~1\koles\DANEAP~1\skype 2007-03-19 12:34 49 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb41.dat 2007-03-08 12:57 44976 --a------ C:\DOCUME~1\koles\DANEAP~1\gdipfontcachev1.dat 2007-01-28 18:24 -------- d–h----- C:\Program Files\installshield installation information 2007-01-28 17:58 -------- d-------- C:\Program Files\Common Files\ulead systems 2007-01-28 17:58 -------- d-------- C:\Program Files\Common Files\sony digital images 2007-01-28 17:58 -------- d-------- C:\DOCUME~1\koles\DANEAP~1\ulead systems 2007-01-28 17:52 -------- d-------- C:\Program Files\smartsound software 2007-01-28 17:52 -------- d-------- C:\Program Files\Common Files\installshield 2007-01-28 17:50 -------- d-------- C:\Program Files\windows media components 2007-01-28 17:45 -------- d-------- C:\Program Files\ulead systems 2007-01-19 10:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 21:37 2560 --a------ C:\WINDOWS_msrstrt.exe 2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe 2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr 2006-12-06 10:02 177152 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb1869.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk” “backup”=“C:\WINDOWS\pss\DSLMON.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe /W” “item”=“DSLMON” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Picture Package Menu.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Picture Package Menu.lnk” “backup”=“C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe " “item”=“Picture Package Menu” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk” “backup”=“C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h” “item”=“Picture Package VCD Maker” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BearShare” “hkey”=“HKLM” “command”=”“C:\Program Files\BearShare\BearShare.exe” /pause” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BJPSMAIN” “hkey”=“HKLM” “command”=“C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“lsasss” “hkey”=“HKLM” “command”=“C:\WINDOWS\System32\lsasss.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“mysvcc” “hkey”=“HKLM” “command”=“mysvcc.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NvCpl” “hkey”=“HKLM” “command”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NVMCTRAY” “hkey”=“HKCU” “command”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“nwiz” “hkey”=“HKLM” “command”=“nwiz.exe /install” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Skype” “hkey”=“HKCU” “command”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TEST] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“auto” “hkey”=“HKLM” “command”=“C:\WINDOWS\System32\auto.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Amoumain” “hkey”=“HKLM” “command”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“D:\WINAP\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“CnxMon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“TaskbarIcon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Watch” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … ? [2040] scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-27 23:27:41

przesyłam logo z ComboFix

adam9870 · 28 Marzec 2007 12:43

Folder i pliki usuń ręcznie będąc w trybie awaryjnym.

Zwykła wersja programu BearShare posiada w sobie syf dlatego proponuję go usunąć. A jeśli koniecznie chcesz z niego korzystać to zainstaluj wersję Lite, która jest pozbawiona syfu.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Przeskanuj system http://www.ewido.net/en/

Po wykonaniu wklej nowy log z Combo plus dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

daniel123456 · 29 Marzec 2007 22:13

BearShare usunąłem

nie moga usunąć

Joan · 29 Marzec 2007 22:23

Ściągasz narzędzie KillBox, zaznaczasz Delete on Reboot, potem klikasz All Files i wklejasz do pola Full Path of File to Delete ścieżkę:

C:\WINDOWS\System32\lsasss.exe

Klikasz X i reset sysa.

daniel123456 · 30 Marzec 2007 01:20

Usunąłem wszystko co wyrzej zostało wymienione zrobiłem to wszystko zgodnie z kolejmnością jak była napisana i takie efekty mi wyszły : przeskanowa AVG

AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 02:39:53 2007-03-30 + Scan result: C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP139\A0087125.exe -> Adware.Beginto : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP143\A0090455.dll -> Adware.Beginto : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP143\A0090457.exe -> Adware.Beginto : Ignored. HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}# -> Adware.IEDriver : Ignored. HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}#\Control -> Adware.IEDriver : Ignored. HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}#\Device Parameters -> Adware.IEDriver : Ignored. E:\pliki tekstowe\szkoła\Śmieci\Kawały\alcoholic.exe -> Not-A-Virus.Joke.Win32.SlipperyMouse.A : Ignored. :mozilla.749:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored. :mozilla.750:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored. :mozilla.135:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.136:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.137:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.43:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.444:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.445:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.44:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.526:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.527:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.580:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.581:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.77:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.78:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.88:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. :mozilla.89:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Adocean : Ignored. C:\Documents and Settings\koles\Cookies\koles@gde.adocean[2].txt -> TrackingCookie.Adocean : Ignored. E:\gry\save do gier\Cookies\administrator@ad.adocean[1].txt -> TrackingCookie.Adocean : Ignored. :mozilla.13:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Gemius : Ignored. :mozilla.16:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Gemius : Ignored. C:\Documents and Settings\koles\Cookies\koles@hit.gemius[1].txt -> TrackingCookie.Gemius : Ignored. E:\gry\save do gier\Cookies\administrator@hit.gemius[1].txt -> TrackingCookie.Gemius : Ignored. :mozilla.777:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored. :mozilla.778:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored. :mozilla.490:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Information : Ignored. :mozilla.172:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Real : Ignored. :mozilla.173:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Real : Ignored. :mozilla.175:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Real : Ignored. :mozilla.176:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Real : Ignored. :mozilla.409:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Real : Ignored. :mozilla.345:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Skype : Ignored. C:\Documents and Settings\koles\Cookies\koles@skype[1].txt -> TrackingCookie.Skype : Ignored. :mozilla.764:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Texttbnru : Ignored. C:\Documents and Settings\koles\Cookies\koles@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignored. E:\gry\save do gier\Cookies\administrator@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086766.dll -> Worm.Zhelatin.al : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP140\A0087201.dll -> Worm.Zhelatin.al : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0085734.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0085735.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0085748.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP142\A0087710.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP143\A0090354.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP143\A0090355.exe -> Worm.Zhelatin.bp : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086835.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086837.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086849.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086892.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP135\A0086894.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP136\A0086935.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP136\A0086936.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP136\A0086949.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP142\A0087706.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP142\A0087709.exe -> Worm.Zhelatin.bq : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP139\A0087130.exe -> Worm.Zhelatin.br : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP141\A0087269.exe -> Worm.Zhelatin.br : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP142\A0087705.exe -> Worm.Zhelatin.br : Ignored. C:\System Volume Information_restore{BC1BA3D8-4F2B-4C33-A995-587170DB2A33}\RP143\A0090356.exe -> Worm.Zhelatin.br : Ignored. ::Report end

Combo Fix

“koles” - 07-03-30 2:45:03 Dodatek Service Pack. 1 ComboFix 07-03-27.4 - Running from: “C:\Documents and Settings\koles\Moje dokumenty\stanisaw.kruzowicz@neostrada.pl” ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 )))))))))))))))))))))))))))))))))) 2007-03-30 01:30 2007-03-30 00:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-30 00:05 301 --a------ C:\WINDOWS\FIX.REG 2007-03-23 20:45 2007-03-23 20:45 2007-03-23 19:44 2007-03-23 00:44 2007-03-22 23:23 2007-03-22 23:21 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-03-22 23:21 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-03-22 23:21 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-03-22 23:21 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-03-22 23:21 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-03-22 23:21 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-03-22 23:21 2007-03-22 17:13 2007-03-22 17:13 2007-03-22 13:57 2007-03-21 23:43 1,289 --a------ C:\WINDOWS\mozver.dat 2007-03-21 11:42 2007-03-21 10:17 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 10:17 2007-03-21 09:16 0 --a------ C:\WINDOWS\nsreg.dat 2007-03-21 09:16 2007-03-21 09:11 2007-03-21 09:11 2007-03-21 09:11 2007-03-21 09:10 2007-03-19 22:05 5 --a------ C:\WINDOWS\system32\fontqxet.dll 2007-03-19 21:55 8,704 --a------ C:\WINDOWS\system32\sporder.dll 2007-03-16 10:56 72,496 --a------ C:\WINDOWS\system32\drivers\khips.sys 2007-03-16 10:56 302,000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys 2007-03-10 15:55 52,736 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2007-03-10 15:55 365,704 --a------ C:\WINDOWS\system32\msscp.dll 2007-03-10 15:55 27,136 --a------ C:\WINDOWS\system32\wmdmlog.dll 2007-03-10 15:55 246,272 --a------ C:\WINDOWS\system32\mswmdm.dll 2007-03-10 15:55 23,552 --a------ C:\WINDOWS\system32\wmdmps.dll 2007-03-10 15:55 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll 2007-03-10 15:55 208,896 --a------ C:\WINDOWS\system32\wmpns.dll 2007-03-10 15:55 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll 2007-03-10 15:55 20,480 --a------ C:\WINDOWS\system32\wmpui.dll 2007-03-10 15:55 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll 2007-03-10 15:55 159,232 --a------ C:\WINDOWS\system32\CEWMDM.dll 2007-03-10 15:55 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll 2007-03-09 22:29 2007-03-09 22:27 2007-03-09 22:27 2007-03-09 20:52 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-03-07 10:30 2007-03-05 18:08 2007-03-05 15:39 2007-03-05 15:38 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-30 01:41 -------- d-------- C:\Program Files\neostrada tp 2007-03-27 23:35 -------- d-------- C:\DOCUME~1\koles\DANEAP~1\skype 2007-03-25 09:30 99908 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-25 09:30 520484 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-23 16:17 -------- d-------- C:\Program Files\Common Files\lightscribe 2007-03-23 03:36 -------- d–h----- C:\Program Files\windowsupdate 2007-03-23 03:04 -------- d-------- C:\Program Files\quicktime 2007-03-23 03:01 -------- d-------- C:\Program Files\movie maker 2007-03-23 01:19 -------- d-------- C:\Program Files\reg organizer 2.5 full 2007-03-22 14:03 -------- d-------- C:\Program Files\java 2007-03-21 21:49 -------- d-------- C:\Program Files\subedit-player 2007-03-21 10:12 382 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb1942.dat 2007-03-21 09:57 177152 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb4827.dat 2007-03-21 09:57 151 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb9186.dat 2007-03-21 09:57 13046 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb5436.dat 2007-03-21 09:57 0 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb4604.dat 2007-03-19 12:34 49 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb41.dat 2007-03-08 12:57 44976 --a------ C:\DOCUME~1\koles\DANEAP~1\gdipfontcachev1.dat 2007-02-27 15:11 -------- d-------- C:\Program Files\difx 2007-02-27 15:11 -------- d-------- C:\DOCUME~1\koles\DANEAP~1\pc suite 2007-02-27 15:10 -------- d-------- C:\Program Files\nokia 2007-02-27 15:10 -------- d-------- C:\Program Files\Common Files\pcsuite 2007-02-27 15:10 -------- d-------- C:\Program Files\Common Files\nokia 2007-01-28 18:24 -------- d–h----- C:\Program Files\installshield installation information 2007-01-28 17:58 -------- d-------- C:\Program Files\Common Files\ulead systems 2007-01-28 17:58 -------- d-------- C:\Program Files\Common Files\sony digital images 2007-01-28 17:58 -------- d-------- C:\DOCUME~1\koles\DANEAP~1\ulead systems 2007-01-28 17:52 -------- d-------- C:\Program Files\smartsound software 2007-01-28 17:52 -------- d-------- C:\Program Files\Common Files\installshield 2007-01-28 17:50 -------- d-------- C:\Program Files\windows media components 2007-01-28 17:45 -------- d-------- C:\Program Files\ulead systems 2007-01-19 10:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 21:37 2560 --a------ C:\WINDOWS_msrstrt.exe 2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe 2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr 2006-12-06 10:02 177152 --a------ C:\DOCUME~1\koles\DANEAP~1\internaldb1869.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk” “backup”=“C:\WINDOWS\pss\DSLMON.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe /W” “item”=“DSLMON” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Picture Package Menu.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Picture Package Menu.lnk” “backup”=“C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe " “item”=“Picture Package Menu” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk] “path”=“C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk” “backup”=“C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h” “item”=“Picture Package VCD Maker” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BearShare” “hkey”=“HKLM” “command”=”“C:\Program Files\BearShare\BearShare.exe” /pause” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“BJPSMAIN” “hkey”=“HKLM” “command”=“C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NvCpl” “hkey”=“HKLM” “command”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NVMCTRAY” “hkey”=“HKCU” “command”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“nwiz” “hkey”=“HKLM” “command”=“nwiz.exe /install” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PDVDServ” “hkey”=“HKLM” “command”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Skype” “hkey”=“HKCU” “command”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Amoumain” “hkey”=“HKLM” “command”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“D:\WINAP\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“CnxMon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“TaskbarIcon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Watch” “hkey”=“HKLM” “command”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-30 2:49:

wysłałem w nocy i nie zauważyłem że obcieło, niemieści się przesle za chwile link

Złączono Posta : 30.03.2007 (Pią) 14:38

nie miałem wcześniej konta hosta dopiero co załżyłem i nie wiem jak długo potrwa aktywacja, może jest jakiś inny sposób przesłania loga z gmer.

nie jestem za dobry w te klocki

adam9870 · 30 Marzec 2007 13:15

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\system32\fontqxet.dll

Klikasz X czerwony i restart kompa.

Usuń wszystko to, co AVG znalazł ale przed tym zrób tak:

daniel123456 · 30 Marzec 2007 16:29

jak się tego pozbyć

Złączono Posta : 30.03.2007 (Pią) 18:32

to jest z AVG Anti-Spyware

adam9870 · 30 Marzec 2007 16:33

Start -> uruchom -> wpisz regedit i kliknij OK -> przejdź do danego klucza i usuń dany szkodliwy klucz, który wykrywa program.

daniel123456 · 31 Marzec 2007 11:49

Udało mi się wszystko usunąć. Po poownym przeslkanowaniu nic już nie wykrył. Został problem z ruszającym się obrazem, prze skanowaniu się to nasiliło, jakoś długo ładuje się windows!

Joan · 31 Marzec 2007 12:02

przeskanuj jeszcze SUPERAntiSpyware Free Edition

daniel123456 · 3 Kwiecień 2007 18:00

Przeskanowałem przez Supera AntiSpyware pózniej jeszcze przez Pnada Acktivescane i

usunąłem wszystkie zainfekowane pozycje ale zostało coś takiego

jak to usunąć

adam9870 · 3 Kwiecień 2007 19:04

Pokaż nowy raport z AVG Anti-Spyware oraz SUPERAntiSpyware Free Edition i ewentualnie jeszcze z Pandy.

Czy przed usunięciem pozycji wykrytych przez AVG zrobiłeś kopię zapasową rejestru?

daniel123456 · 4 Kwiecień 2007 17:53

Pozostałe skanery nic nie wykryły

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 17:14:18 2007-04-04 + Scan result: HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}# -> Adware.IEDriver : Ignored. HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}#\Control -> Adware.IEDriver : Ignored. HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses{5b45201d-f2f2-4f3b-85bb-30ff1f953599}##?#PCI#VEN_10DE&DEV_0181&SUBSYS_11111554&REV_A2#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}#\Device Parameters -> Adware.IEDriver : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc25.txt -> TrackingCookie.2o7 : Ignored. C:\Documents and Settings\koles\Cookies\koles@gde.adocean[1].txt -> TrackingCookie.Adocean : Ignored. C:\Documents and Settings\koles\Cookies\koles@gg.adocean[2].txt -> TrackingCookie.Adocean : Ignored. C:\Documents and Settings\koles\Cookies\koles@my.adocean[2].txt -> TrackingCookie.Adocean : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc27.txt -> TrackingCookie.Adocean : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc44.txt -> TrackingCookie.Adocean : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc60.txt -> TrackingCookie.Adocean : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc37.txt -> TrackingCookie.Doubleclick : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc92.txt -> TrackingCookie.Etracker : Ignored. :mozilla.10:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored. :mozilla.20:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored. :mozilla.55:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc35.txt -> TrackingCookie.Hitslink : Ignored. :mozilla.47:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Onestat : Ignored. :mozilla.48:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Onestat : Ignored. :mozilla.50:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored. :mozilla.51:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored. :mozilla.53:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored. :mozilla.54:C:\Documents and Settings\koles\Dane aplikacji\Mozilla\Firefox\Profiles\4hvizkcp.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored. C:\RECYCLER\S-1-5-21-2025429265-1417001333-1177238915-1001\Dc82.txt -> TrackingCookie.Tradedoubler : Ignored. ::Report end

bie robiłem kopi

Złączono Posta : 04.04.2007 (Sro) 19:55

nie robiłem kopi rejestru tylko wszystko usunąłem