Strasznie wolno wczytujące się strony

krystian99901 · 19 Lipiec 2007 10:18

Otóż strony bardzo wolno się wczytują, aby się tu zalogować spędziłem chyba z pół godziny bo gdy kilikałem na zaloguj to czekałem jakiś czas a później pokazywało się błąd strony limit czasu został przekroczony i takie tam.

Logfile of HijackThis v1.99.1 Scan saved at 12:00:21, on 2007-07-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\wdfmgr.exe D:\Programy sciagniete\Gadu-Gadu\gg.exe D:\Program Files\Kalendarz XP\Kalendarz.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Krystian\Pulpit\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O4 - HKLM…\RunServices: [Office XP hack] c:\office_patch.exe hack O4 - HKCU…\Run: [Gadu-Gadu] “D:\Programy sciagniete\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open With JPEGCompress - res://D:\Program Files\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra ‘Tools’ menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7923057671 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O17 - HKLM\System\CCS\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip…{D865AC75-38A1-4BA8-A273-1665D359BF87}: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS3\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS4\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nowy folder\Nero 7\Nero BackItUp\NBService.exe

model12 · 19 Lipiec 2007 10:30

Miałem to samo pewnie awaria serwera?

krystian99901 · 19 Lipiec 2007 10:34

No być może ale to nie chodzi tylko o Dobre Programy, inne strony też mi się strasznie wolno wczytują.

model12 · 19 Lipiec 2007 10:38

No to musisz poczekać na mistrzów czytania logów.

adam9870 · 19 Lipiec 2007 10:38

O4 - HKLM…\RunServices: [Office XP hack] c:\office_patch.exe hack O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O17 - HKLM\System\CCS\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip…{D865AC75-38A1-4BA8-A273-1665D359BF87}: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS3\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188 O17 - HKLM\System\CS4\Services\Tcpip…{8CABA055-3DCA-429E-A7D0-94F0968674DE}: NameServer = 85.255.113.147,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.147 85.255.112.188

Plik zaznaczony na czerwono usuń ręcznie z dysku w trybie awaryjnym natomiast wpisy HijackThis.

Użyj narzędzia FixWareOut.

Po wykonaniu pokaż zawartość pliku c:\fixwareout\report.txt plus log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

krystian99901 · 19 Lipiec 2007 10:56

FixWareOut

Username “Krystian” - 2007-07-19 12:46:44 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKLM\SOFTWARE~\Winlogon\ “System”=“kdogv.exe” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{D865AC75-38A1-4BA8-A273-1665D359BF87} “nameserver”=“85.255.113.147” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{96319D83-69E9-44C5-9FBA-E1ED131B1118} “DhcpNameServer”=“85.255.113.147,85.255.112.188” Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “system”="" … … »»»»» Misc files. … »»»»» Checking for older varients. … »»»»» Other C:\WINDOWS\TEMP\kdogv.ren 63436 2004-08-04 »»»»» Current runs (hklm hkcu “run” Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”="“D:\Programy sciagniete\Gadu-Gadu\gg.exe” /tray" … Hosts file was reset, If you use a custom hosts file please replace it C:\WINDOWS\repair\autoexec.nt missing C:\WINDOWS\repair\Config.nt missing »»»»» End report »»»»»

Combofix

“Krystian” - 2007-07-19 12:50:30 - ComboFix 07-07-17.8 - Dodatek Service Pack 2 FAT32 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32.exe ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 12:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-19 12:46 6,870 --a------ C:\dnsbak.reg 2007-07-16 21:00 2007-07-16 20:07 2007-07-13 20:29 2007-07-13 19:36 72,234 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-07-13 19:34 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-07-13 19:34 2007-07-12 22:33 2007-07-12 22:32 2007-07-12 22:27 2007-07-12 15:33 2007-07-12 13:45 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-07-11 20:14 2007-07-07 10:29 2007-07-05 10:33 111,104 --a------ C:\WINDOWS\system32\uharc.exe 2007-07-04 14:43 2007-07-04 14:39 2,321,408 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-07-03 17:17 2007-07-03 16:21 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-07-03 16:21 2007-07-03 16:21 2007-07-02 21:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 21:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 21:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 21:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-02 21:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-02 21:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 21:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-02 21:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 21:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-02 21:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-02 21:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 21:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-02 14:55 45,568 --a------ C:\WINDOWS\UniFish3.exe 2007-06-29 08:29 23 --ahs---- C:\WINDOWS\system32\fe6_r.dll 2007-06-28 13:38 2007-06-28 13:29 2007-06-27 15:11 98,304 --a------ C:\WINDOWS\system32\N2PUtil.dll 2007-06-27 15:11 28,672 --a------ C:\WINDOWS\system32\N2PAuto.exe 2007-06-27 15:11 2007-06-27 15:11 2007-06-27 12:17 2007-06-26 15:52 2007-06-26 14:24 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-23 18:57 2007-06-23 18:06 2007-06-19 19:28 2007-06-19 19:25 2007-06-19 16:35 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-06-19 16:35 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-06-19 16:35 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-19 16:35 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-19 16:15 2007-06-19 15:02 2007-06-19 14:10 5 --ahs---- C:\WINDOWS\system32\ddaecdf3_g.dll 2007-06-19 14:04 8,192 --a------ C:\WINDOWS\system32\cidaemon.exe 2007-06-19 08:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 17:36:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-07-11 18:13:52 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys 2007-07-11 08:26:16 79,408 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 08:26:16 458,022 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-01 09:35:34 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-06-20 06:46:18 0 ----a-w C:\adware.exe 2007-06-19 09:16:26 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 17:57:06 129,522 ----a-w C:\WINDOWS\system32\otjshx.exe 2007-06-17 15:04:28 0 ----a-w C:\CONFIG.SYS 2007-06-17 15:04:28 0 ----a-w C:\AUTOEXEC.BAT 2007-06-14 12:00:06 -------- d-----w C:\DOCUME~1\Krystian\DANEAP~1\Gadu-Gadu 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-31 13:53:32 27 ----a-w C:\WINDOWS\tamer.bat 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}] 2007-02-06 09:08 63048 --a------ C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-04 01:17 54248 --a------ D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 02:04 853672 --a------ D:\PROGRA~2\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] C:\Program Files\Java\jre1.6.0\bin\ssv.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“D:\Programy sciagniete\Gadu-Gadu\gg.exe” [2006-11-14 11:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Office XP hack”=c:\office_patch.exe hack C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1 Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-13 21:40:15] Kalendarz XP.lnk - D:\Program Files\Kalendarz XP\Kalendarz.exe [2007-07-17 16:12:52] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krystian^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] “D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE” /splash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] “D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE” /reboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] “D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25] svcchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38] mysvcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b7d5448-9c2c-11db-8360-0020ed839b95}] AutoRun\command- F:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{74c184a1-9a8c-11db-9b73-806d6172696f}] AutoRun\command- E:\setup.exe Contents of the ‘Scheduled Tasks’ folder 2007-07-13 15:39:38 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 12:51:33 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden registry entries … disk error: C:\WINDOWS\system32\config\software disk error: C:\Documents and Settings\KRYSTIAN\ntuser.dat scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 12:51:52 C:\ComboFix-quarantined-files.txt … 2007-07-19 12:51 — E O F —

Złączono Posta : 19.07.2007 (Czw) 18:51

Chciałbym dodać, że właśnie skończyłem skanować komputer ewido oto raport po skanie

__________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.Netflame Path: :mozilla.8:C:\Documents and Settings\Krystian\Dane aplikacji\Mozilla\Firefox\Profiles\vmrzqdmk.default\cookies.txt Risk: Medium Name: TrackingCookie.Webtrendslive Path: :mozilla.10:C:\Documents and Settings\Krystian\Dane aplikacji\Mozilla\Firefox\Profiles\vmrzqdmk.default\cookies.txt Risk: Medium Name: Trojan.Small.fb Path: C:\System Volume Information_restore{BA1EA6CC-5143-4738-B0B0-CE08ECAFF0EE}\RP143\A0055015.EXE Risk: High Name: Backdoor.Rizo.b Path: D:\System Volume Information_restore{928B8A94-E344-46E2-BB94-A39DE871C65C}\RP13\A0005248.exe Risk: High Name: Backdoor.Rizo.b Path: D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VZL706HT\ho[1].exe Risk: High Name: Backdoor.Rizo.b Path: D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YR22UD8Q\lam[1].exe Risk: High Name: Backdoor.Rizo.b Path: D:\WINDOWS\system32\NSecurity.exe Risk: High Name: Backdoor.Akbot.e Path: D:\WINDOWS\system32\slmss.exe Risk: High

Gutek · 19 Lipiec 2007 17:27

pliki do usuniecia

Pobierz tego ComboFix i daj log

krystian99901 · 19 Lipiec 2007 17:51

tych plików tam nie ma, widocznie ewido je usunęło

oto log z ComboFix:

“Krystian” - 2007-07-19 19:48:10 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 FAT32 ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 12:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-19 12:46 6,870 --a------ C:\dnsbak.reg 2007-07-16 21:00 2007-07-16 20:07 2007-07-13 20:29 2007-07-13 19:36 72,234 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-07-13 19:34 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-07-13 19:34 2007-07-12 22:33 2007-07-12 22:32 2007-07-12 22:27 2007-07-12 15:33 2007-07-12 13:45 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-07-11 20:14 2007-07-07 10:29 2007-07-05 10:33 111,104 --a------ C:\WINDOWS\system32\uharc.exe 2007-07-04 14:43 2007-07-04 14:39 2,321,408 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-07-03 17:17 2007-07-03 16:21 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-07-03 16:21 2007-07-03 16:21 2007-07-02 21:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 21:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 21:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 21:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-02 21:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-02 21:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 21:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-02 21:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 21:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-02 21:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-02 21:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 21:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-02 14:55 45,568 --a------ C:\WINDOWS\UniFish3.exe 2007-06-29 08:29 23 --ahs---- C:\WINDOWS\system32\fe6_r.dll 2007-06-28 13:38 2007-06-28 13:29 2007-06-27 15:11 98,304 --a------ C:\WINDOWS\system32\N2PUtil.dll 2007-06-27 15:11 28,672 --a------ C:\WINDOWS\system32\N2PAuto.exe 2007-06-27 15:11 2007-06-27 15:11 2007-06-27 12:17 2007-06-26 15:52 2007-06-26 14:24 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-23 18:57 2007-06-23 18:06 2007-06-19 19:28 2007-06-19 19:25 2007-06-19 16:35 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-06-19 16:35 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-06-19 16:35 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-19 16:35 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-19 16:15 2007-06-19 15:02 2007-06-19 14:10 5 --ahs---- C:\WINDOWS\system32\ddaecdf3_g.dll 2007-06-19 14:04 8,192 --a------ C:\WINDOWS\system32\cidaemon.exe 2007-06-19 08:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 17:36:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-07-11 18:13:52 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys 2007-07-11 08:26:16 79,408 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 08:26:16 458,022 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-01 09:35:34 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-06-20 06:46:18 0 ----a-w C:\adware.exe 2007-06-19 09:16:26 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 17:57:06 129,522 ----a-w C:\WINDOWS\system32\otjshx.exe 2007-06-17 15:04:28 0 ----a-w C:\CONFIG.SYS 2007-06-17 15:04:28 0 ----a-w C:\AUTOEXEC.BAT 2007-06-14 12:00:06 -------- d-----w C:\DOCUME~1\Krystian\DANEAP~1\Gadu-Gadu 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-31 13:53:32 27 ----a-w C:\WINDOWS\tamer.bat 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}] 2007-02-06 09:08 63048 --a------ C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-04 01:17 54248 --a------ D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 02:04 853672 --a------ D:\PROGRA~2\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] C:\Program Files\Java\jre1.6.0\bin\ssv.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“D:\Programy sciagniete\Gadu-Gadu\gg.exe” [2006-11-14 11:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Office XP hack”=c:\office_patch.exe hack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krystian^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] “D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE” /splash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] “D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE” /reboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] “D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25] svcchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38] mysvcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b7d5448-9c2c-11db-8360-0020ed839b95}] AutoRun\command- F:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{74c184a1-9a8c-11db-9b73-806d6172696f}] AutoRun\command- E:\setup.exe *Newly Created Service* - CATCHME Contents of the ‘Scheduled Tasks’ folder 2007-07-13 15:39:38 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 19:49:19 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … CMD.EXE [2764] scanning hidden autostart entries … HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = ??? scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 19:49:37 C:\ComboFix-quarantined-files.txt … 2007-07-19 19:49 C:\ComboFix2.txt … 2007-07-19 12:51 — E O F —

Gutek · 19 Lipiec 2007 18:30

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Do kasacji:

po tym nowy log z Combo

krystian99901 · 19 Lipiec 2007 18:55

Gutek2222

Przeczyściłem rejestr, wykasowałem pliki podane przez Ciebie

nowy log Combo:

“Krystian” - 2007-07-19 20:51:58 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 FAT32 ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 20:37 2007-07-19 12:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-19 12:46 6,870 --a------ C:\dnsbak.reg 2007-07-16 21:00 2007-07-16 20:07 2007-07-13 20:29 2007-07-13 19:36 72,234 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-07-13 19:34 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-07-13 19:34 2007-07-12 22:33 2007-07-12 22:32 2007-07-12 22:27 2007-07-12 15:33 2007-07-12 13:45 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-07-11 20:14 2007-07-07 10:29 2007-07-05 10:33 111,104 --a------ C:\WINDOWS\system32\uharc.exe 2007-07-04 14:43 2007-07-04 14:39 2,321,408 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-07-03 17:17 2007-07-03 16:21 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-07-03 16:21 2007-07-03 16:21 2007-07-02 21:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 21:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 21:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 21:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-02 21:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-02 21:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 21:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-02 21:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 21:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-02 21:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-02 21:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 21:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-06-28 13:38 2007-06-28 13:29 2007-06-27 15:11 98,304 --a------ C:\WINDOWS\system32\N2PUtil.dll 2007-06-27 15:11 28,672 --a------ C:\WINDOWS\system32\N2PAuto.exe 2007-06-27 15:11 2007-06-27 15:11 2007-06-27 12:17 2007-06-26 15:52 2007-06-26 14:24 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-24 10:46 2007-06-23 18:57 2007-06-23 18:06 2007-06-19 19:28 2007-06-19 19:25 2007-06-19 16:35 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-06-19 16:35 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-06-19 16:35 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-19 16:35 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-19 15:02 2007-06-19 14:04 8,192 --a------ C:\WINDOWS\system32\cidaemon.exe 2007-06-19 08:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 17:36:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-07-11 18:13:52 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys 2007-07-11 08:26:16 79,408 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 08:26:16 458,022 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-01 09:35:34 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-06-20 06:46:18 0 ----a-w C:\adware.exe 2007-06-19 09:16:26 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 15:04:28 0 ----a-w C:\CONFIG.SYS 2007-06-17 15:04:28 0 ----a-w C:\AUTOEXEC.BAT 2007-06-14 12:00:06 -------- d-----w C:\DOCUME~1\Krystian\DANEAP~1\Gadu-Gadu 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-31 13:53:32 27 ----a-w C:\WINDOWS\tamer.bat 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}] 2007-02-06 09:08 63048 --a------ C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-04 01:17 54248 --a------ D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 02:04 853672 --a------ D:\PROGRA~2\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“D:\Programy sciagniete\Gadu-Gadu\gg.exe” [2006-11-14 11:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Office XP hack”=c:\office_patch.exe hack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krystian^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] “D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE” /splash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] “D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE” /reboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] “D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25] svcchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38] mysvcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b7d5448-9c2c-11db-8360-0020ed839b95}] AutoRun\command- F:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{74c184a1-9a8c-11db-9b73-806d6172696f}] AutoRun\command- E:\setup.exe Contents of the ‘Scheduled Tasks’ folder 2007-07-13 15:39:38 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 20:53:02 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … CMD.EXE [252] scanning hidden autostart entries … HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = ??? scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 20:53:37 C:\ComboFix-quarantined-files.txt … 2007-07-19 20:53 C:\ComboFix3.txt … 2007-07-19 12:51 C:\ComboFix2.txt … 2007-07-19 19:49 — E O F —