Strasznie komp muli. Duzo syfu w logu

crooliq · 6 Lipiec 2006 18:53

jak w temacie. widzę że jest dużo złych wpisow ale wolę sie poradzic. Załączam loga z hijacka.

Logfile of HijackThis v1.99.1

Scan saved at 20:51:49, on 2006-07-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\MKS\Bin\mks_menu.exe

C:\Program Files\MKS\Bin\ABregmon.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\WINDOWS\StopHid.exe

C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\MKS\Bin\NetMonSV.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\MKS\Bin\mksmonsv.exe

C:\WINDOWS\system32\winws.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [CNYHKey] CNYHKey.exe

O4 - HKLM\..\Run: [StopHid] StopHid.exe

O4 - HKLM\..\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O17 - HKLM\System\CS2\Services\Tcpip\..\{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164

O20 - AppInit_DLLs: C:\WINDOWS\System32\tracert.dll

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hhicons.dll

O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\mexml.dll

O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\hhicons.dll

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mexml.dll

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y3Jvb2xpcQ\command.exe (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: Windows Download Manager - Unknown owner - C:\WINDOWS\system32\winws.exe

z góry dziękuje

InfinityToJa · 6 Lipiec 2006 19:07

start>>>uruchom>>>services.msc>>>zatrzymaj i wyłącz usługi Command Service ,Windows Download Manager i network monitor

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com O20 - AppInit_DLLs: C:\WINDOWS\System32\tracert.dll O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hhicons.dll O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\mexml.dll O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\hhicons.dll O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mexml.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y3Jvb2xpcQ\command.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: Windows Download Manager - Unknown owner - C:\WINDOWS\system32\winws.exe

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

x-awier · 6 Lipiec 2006 19:27

No to może optymilizacja systemu http://forum.dobreprogramy.pl/viewtopic.php?t=76580

crooliq · 6 Lipiec 2006 20:49

usunalem tamte wpisy (po reinstalce systemu bo nie chcial sie odpalic:/) ale ciagle monitor wykrywa full trojanow. log nie jest czysty:/ Daje jeszcze raz

Logfile of HijackThis v1.99.1 Scan saved at 22:50:44, on 2006-07-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\update\updmgr.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe O4 - HKLM…\Run: [MS Config] msicfg.exe O4 - HKLM…\Run: [Win Net Wks32] netwks32.exe O4 - HKLM…\RunServices: [MS Config] msicfg.exe O4 - HKLM…\RunServices: [Win Net Wks32] netwks32.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Win Net Wks32] netwks32.exe O4 - HKCU…\RunServices: [Win Net Wks32] netwks32.exe O4 - Startup: Y’z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}:

Pomozcie prosze

Dodam jeszcze ze wlaczaja mi sie same jakies stronki z reklamami. co pare minut

InfinityToJa · 6 Lipiec 2006 20:54

taa, a robiłeś ją bez neta ?

log ucięty, wstaw wszystkie logi o które cię prosiłem (hijackthis, silent runners , l2mfix)

crooliq · 6 Lipiec 2006 21:38

l2m nie chce sie odpalic. Raz w awaryjnym sie odpalil ale sie zawiesil wiec nic z tego. Komp sie wiesza co chwile, nie panuje nad nim ciagle cos wykrywa. Daje loga z hijacka i silenta. Powoli sie zalamuje:(

Logfile of HijackThis v1.99.1 Scan saved at 23:38:27, on 2006-07-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\StopHid.exe C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\lssas.exe C:\WINDOWS\System32\netwks32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\Program Files\ewido anti-malware\SecuritySuite.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\update\updmgr.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe O4 - HKLM…\Run: [MS Config] msicfg.exe O4 - HKLM…\Run: [Win Net Wks32] netwks32.exe O4 - HKLM…\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe O4 - HKLM…\RunServices: [MS Config] msicfg.exe O4 - HKLM…\RunServices: [Win Net Wks32] netwks32.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Win Net Wks32] netwks32.exe O4 - HKCU…\RunServices: [Win Net Wks32] netwks32.exe O4 - Startup: Y’z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\en4ul1h91.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe

Silent

“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “Win Net Wks32” = “netwks32.exe” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime” [null data] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”] “ABREGMON” = “C:\Program Files\MKS\Bin\ABregmon.exe” [“ArcaBit”] “CHotkey” = “mHotkey.exe” [“Creative”] “CNYHKey” = “CNYHKey.exe” [“Creative”] “StopHid” = “StopHid.exe” [null data] "CreativeMouse " = “C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe” [empty string] “PinnacleDriverCheck” = “C:\WINDOWS\System32\PSDrvCheck.exe” [empty string] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “Local Security Authority Service” = “C:\WINDOWS\System32\lssas.exe” [null data] “MS Config” = “msicfg.exe” [null data] “Win Net Wks32” = “netwks32.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{ABC70703-32AF-11d4-90C4-D483A70F4825}” = “CMenuExtender” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{FED7043D-346A-414D-ACD7-550D052499A7}” = “dBpowerAMP Music Converter 1” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] “{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}” = “dBpowerAMP Music Converter” -> {HKLM…CLSID} = “dMCIShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll” [empty string] “{BCA674D4-1F7A-4FE4-B6D3-9206507444DD}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\hhicons.dll” [file not found] “{4D517249-8670-4DDC-B0A1-B447FA74AF04}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\mexml.dll” [file not found] “{630B7C83-D9CE-4058-AFC6-5805BA31806D}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\RKLCPAPI.dll” [file not found] “{D195F983-6BFC-417D-92E9-5EC253EAB90B}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\tbaffic.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] INFECTION WARNING! OptimalLayout\DLLName = “C:\WINDOWS\system32\s0pu0a79ed.dll” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {FED7043D-346A-414D-ACD7-550D052499A7}(Default) = “dBpowerAMP Column Handler” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender(Default) = “{ABC70703-32AF-11d4-90C4-D483A70F4825}” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Tomek” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart “Y’z ToolBar” -> shortcut to: “C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe” [“Y’z@Home”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ATI CATALYST System Tray” -> shortcut to: “C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray” [null data] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “CoreCenter” -> shortcut to: “C:\Program Files\MSI\Core Center\CoreCenter.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “MkSUpdate” -> launches: “C:\Program Files\MKS\bin\mks_upd.exe Task” [“MkS Sp. z o. o.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Gutek · 6 Lipiec 2006 22:01

Najpierw użyj Look2Me-Destroyer - opis działania - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Po tym nowe logi i zajmiemy się resztą:

crooliq · 6 Lipiec 2006 22:19

Look2Me-Destroyer nie chce mi sie odpalic. Ani w awarynym ani w normalnym. Przez zaplanowane zadania tez probowalem i nic… Co mam zrobic z tym??

Myszak · 6 Lipiec 2006 22:37

a dlaczego … ? :-k pokazuje jakiś komunikat itp. :-k ?

crooliq · 6 Lipiec 2006 22:53

No wlasnie nie. Nic sie nie pokazuje po prostu… Jutro bede cos probowal bo juz nie mam sily na to…

Złączono Posta : 07.07.2006 (Pią) 9:45

W koncu uruchomilem L2M i wyczyscilem z tego badziewia. Ale monitor MKS’a ciagle wykrywa jakies badziewie i na moje oko log nie jest czysty. Wiec daje go jeszcze raz.

Logfile of HijackThis v1.99.1 Scan saved at 09:45:59, on 2006-07-07 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\StopHid.exe C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: Y’z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)

Chodzi mi o wpisy 09 i 017. Na pewno nie sa bledne?

Złączono Posta : 07.07.2006 (Pią) 10:17

Aha no i jeszcze log z silenta

“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime” [null data] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”] “ABREGMON” = “C:\Program Files\MKS\Bin\ABregmon.exe” [“ArcaBit”] “CHotkey” = “mHotkey.exe” [“Creative”] “CNYHKey” = “CNYHKey.exe” [“Creative”] “StopHid” = “StopHid.exe” [null data] "CreativeMouse " = “C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe” [empty string] “PinnacleDriverCheck” = “C:\WINDOWS\System32\PSDrvCheck.exe” [empty string] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{ABC70703-32AF-11d4-90C4-D483A70F4825}” = “CMenuExtender” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{FED7043D-346A-414D-ACD7-550D052499A7}” = “dBpowerAMP Music Converter 1” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] “{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}” = “dBpowerAMP Music Converter” -> {HKLM…CLSID} = “dMCIShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {FED7043D-346A-414D-ACD7-550D052499A7}(Default) = “dBpowerAMP Column Handler” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender(Default) = “{ABC70703-32AF-11d4-90C4-D483A70F4825}” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Tomek” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart “Y’z ToolBar” -> shortcut to: “C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe” [“Y’z@Home”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ATI CATALYST System Tray” -> shortcut to: “C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray” [null data] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “CoreCenter” -> shortcut to: “C:\Program Files\MSI\Core Center\CoreCenter.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “MkSUpdate” -> launches: “C:\Program Files\MKS\bin\mks_upd.exe Task” [“MkS Sp. z o. o.”] “Nowe zadanie” -> WARNING – The file “Nowe zadanie.job” is corrupt! (no executable) “Look2Me-Destroyer” -> launches: “C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\Look2Me-Destroyer.exe” [“Atribune.org”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcaBit NetMonitor, ABNetMon, “C:\Program Files\MKS\Bin\NetMonSV.exe” [“ArcaBit sp. z o.o.”] Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] MkS_Scan, MkS_Scan, “C:\Program Files\MKS\Bin\mks_scan.exe” [empty string] MkS_Vir Monitor, MksVirMonSvc, “C:\Program Files\MKS\Bin\mksmonsv.exe” [empty string] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor 2 języka BJ\Driver = “CNBJMON2.DLL” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 112 seconds, including 4 seconds for message boxes)

Złączono Posta : 07.07.2006 (Pią) 11:32

ciagle mi wykrywa robaka w “c:\windows\system32\wmimgr32.dll” Mam go usunac killboxem??? Niech ktos mi pomoze prosze.

Złączono Posta : 07.07.2006 (Pią) 13:18

Wstawiam sciezke do killboxa, znajduje plik, naciskam delete on reboot, naciskam usun i nic sie nie dzieje. NIe wiem co z tym zrobic. Skanuje ewido raz po raz i ciagle wykrywa prawie 100 trojanow

kuz5 · 7 Lipiec 2006 18:37

Start => Panel Sterowania => Zaplanowane zadania , kliknąć na (“At”) zadanie z ikonką Look2Me-Destroyer prawym przyciskiem myszy i wybrać Uruchom

Logi sa ok

Ciachnij:

017 to twoje dnsy, a 09 to możesz ciachnąc ale te co podałem wyżej

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke i klikasz x

crooliq · 7 Lipiec 2006 21:30

L2M juz sie odpalilo wczoraj. Usunelo sie to co trzeba.

Zaznaczone wpisy 09 usunalem Hijackiem.

Ciagle to samo. Naciskam krzyzyk i nic sie nie dzieje… Plik ciagle jest na dysku.

P.S Dzieki za odpowiedz. Juz myslalem ze zostane sam z tym problemem

Myszak · 7 Lipiec 2006 22:00

a zrobiłeś restart kompa … ? :-k

crooliq · 7 Lipiec 2006 22:03

Bo to raz… Probowalem w awaryjnym i normalnym po pare razy…

Gutek · 7 Lipiec 2006 22:09

Użyj Unlocker 1.8.3 i aby np: usunąć plik należy wybrać na niego prawym myszy a następnie opcje unlocker.

crooliq · 8 Lipiec 2006 06:38

Zainstalowalem Unlokera 1.8.3. Gdy klikam prawym na kazdy normalny plik otwiera sie okienko gdzie moge skasowac plik. Natomiast gdy klikam prawym na ten “wmimgr32.dll” i naciskam unlocker, wlacza mi sie unlocker asistant i mam tylko liste procesow. Nie moge usunac pliku…

Gutek · 8 Lipiec 2006 09:21

Pomocy :mrgreen: - Na dole mamy opcje do wyboru. W przypadku gdy to jest wirus lub inny złośliwy plik który nie chce opuścić naszego dysku wybieramy opcje “UWOLNIJ WSZYSTKIE”

Następnie należy wybrać akcje i mamy do wyboru “skasuj” “zmień nazwę”, “przesuń” W przypadku naszego złośliwego pliku wybieramy oczywiście “skasuj”

crooliq · 8 Lipiec 2006 19:41

Plik sie usuwa ale po restarcie jest znowu. Na poczatku pokazuje sie jeszcze blad ze bibloteka dll (tu sciezka i plik) nie jest wlasciwym obrazem systemu windows NT. W ogole zanim sie wszystko uruchomi mija duzo czasu, tak jakby przez jakies pare chwil komp nic nie robil tylko czekal na niewiadomo co.

No i jak zwykle full trojanow na kompie.

Dodam jeszcze ze na dysku c jest ukryty folder “System Volume Information” i tam w srodku jest ponad 1,5 giga plikow exe o nazwach np “A0009442.EXE” z ikonkami aplikacji ktore mam lub mialem na dysku.

Oprocz tego w katalogu glownym dysku c sa jakies pliki rodem z win98 np. Autoexec.bat, config.sys, IO.sys, boot.ini itp. Wczesniej ich nie bylo (raczej).

InfinityToJa · 8 Lipiec 2006 20:16

punkty przywracania systemu, możesz wyłączyć tą usługe, start>>>uruchom>>>services.msc>>>zatrzymaj i wyłącz usługa przywracania systemu

nie ruszaj ich, pokazały się bo masz zaznaczone w opcjach folderów pokazuj ukryte pliki i foldery i odznaczone ukryj chronione pliki windows

Wklej nowe logi

crooliq · 9 Lipiec 2006 08:02

OK daje nowe logi:

Logfile of HijackThis v1.99.1 Scan saved at 10:00:14, on 2006-07-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\StopHid.exe C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\DOCUME~1\Tomek\USTAWI~1\Temp\winktbeŕ.exe C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” -H O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: Y’z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)

“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime” [null data] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”] “ABREGMON” = “C:\Program Files\MKS\Bin\ABregmon.exe” [“ArcaBit”] “CHotkey” = “mHotkey.exe” [“Creative”] “CNYHKey” = “CNYHKey.exe” [“Creative”] “StopHid” = “StopHid.exe” [null data] "CreativeMouse " = “C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe” [empty string] “PinnacleDriverCheck” = “C:\WINDOWS\System32\PSDrvCheck.exe” [empty string] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS] “UnlockerAssistant” = ““C:\Program Files\Unlocker\UnlockerAssistant.exe” -H” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{ABC70703-32AF-11d4-90C4-D483A70F4825}” = “CMenuExtender” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{FED7043D-346A-414D-ACD7-550D052499A7}” = “dBpowerAMP Music Converter 1” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] “{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}” = “dBpowerAMP Music Converter” -> {HKLM…CLSID} = “dMCIShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll” [empty string] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {FED7043D-346A-414D-ACD7-550D052499A7}(Default) = “dBpowerAMP Column Handler” -> {HKLM…CLSID} = “dBpShell Class” \InProcServer32(Default) = “C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll” [empty string] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender(Default) = “{ABC70703-32AF-11d4-90C4-D483A70F4825}” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll” [“Revenger inc.”] ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Tomek” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart “Y’z ToolBar” -> shortcut to: “C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe” [“Y’z@Home”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ATI CATALYST System Tray” -> shortcut to: “C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray” [null data] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “CoreCenter” -> shortcut to: “C:\Program Files\MSI\Core Center\CoreCenter.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “MkSUpdate” -> launches: “C:\Program Files\MKS\bin\mks_upd.exe Task” [“MkS Sp. z o. o.”] “Nowe zadanie” -> WARNING – The file “Nowe zadanie.job” is corrupt! (no executable) Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcaBit NetMonitor, ABNetMon, “C:\Program Files\MKS\Bin\NetMonSV.exe” [“ArcaBit sp. z o.o.”] Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] MkS_Vir Monitor, MksVirMonSvc, “C:\Program Files\MKS\Bin\mksmonsv.exe” [empty string] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor 2 języka BJ\Driver = “CNBJMON2.DLL” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 133 seconds, including 4 seconds for message boxes)

W ogole dziwnie bo mialem wylaczone przywracanie systemu, a teraz mam wlaczone…

Złączono Posta : 11.07.2006 (Wto) 9:08

Logi są czyste? Nadal komp mi sie dlugo odpala i ciagle jest tamten zlosliwy plik, po usunieciu i restarcie znow sie tworzy.

Złączono Posta : 14.07.2006 (Pią) 15:25

Ktos mi pomoze ???