Witam, po krotce mój problem. Od jakiegoś czasu w moim komputerze grzebie wstyd sie przyznac , mój tato który został pasjonatem stron erotycznych…(bez komentarza), nie zwróce mu uwagi bo mi niezręcznie, myśli staruszek że nikt nie wie…ale nie o tym, przy okazji ściąga jak domniemam mnóstwo brudków, próbowałam po omacku cos tam działać żeby to jakoś pracowało, ale jak ściagnęłam spyware doctora to mi ręce opadły jakieś 500 infekcji…, avast znalazl jakiegos dialera-1080 o ktorym nic nie moge znaleźć na żadnym forum, wiec odważyłam się poczytać i prosić o jakąś pomoc i sprawdzenie czy sie da jeszcze uratowac moj kompik, zrobiłam te logi z hijaka i silenta, też nie wiem czy wkleje poprawnie ale spróbuje. jestem poprostu laikiem…
Logfile of HijackThis v1.99.1 Scan saved at 00:05:49, on 2007-11-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Topro\tppoll.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Realtek\Rtl8180\RtlWake.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\xxxx\USTAWI~1\Temp\Rar$EX00.688\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.10.69 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe O4 - HKLM…\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [tppoll] C:\Program Files\Topro\tppoll.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe” O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\PowerGG.exe” O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: RtlWake.lnk = ? O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EA00} - http://www2.babajaga.pl/wejscie/+/5/babajaga.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{10C5523D-525D-4236-A69D-AAFE95AA704D}: NameServer = 192.168.10.1,217.98.56.2 O17 - HKLM\System\CS1\Services\Tcpip…{10C5523D-525D-4236-A69D-AAFE95AA704D}: NameServer = 192.168.10.1,217.98.56.2 O17 - HKLM\System\CS2\Services\Tcpip…{10C5523D-525D-4236-A69D-AAFE95AA704D}: NameServer = 192.168.10.1,217.98.56.2 O17 - HKLM\System\CS3\Services\Tcpip…{10C5523D-525D-4236-A69D-AAFE95AA704D}: NameServer = 192.168.10.1,217.98.56.2 O17 - HKLM\System\CS4\Services\Tcpip…{10C5523D-525D-4236-A69D-AAFE95AA704D}: NameServer = 192.168.10.1,217.98.56.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\PowerGG.exe”” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMAXPnP” = “C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe” [“Analog Devices, Inc.”] “SoundMAX” = ““C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray” [“Analog Devices, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “AT-Watch” = “(empty string)” [file not found] “Anti-Trojan-Watch” = “C:\Program Files\Anti-Trojan-55\ATWatch.exe” [file not found] “CamMonitor” = “C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe” [empty string] “Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”] “tppoll” = “C:\Program Files\Topro\tppoll.exe” [null data] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”] “Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”] “SDTray” = ““C:\Program Files\Spyware Doctor\SDTrayApp.exe”” [“PC Tools”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Notifier BHO” \InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\2\ “FriendlyName” = “” “Source” = “file:///C:/DOCUME~1/xxxx/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg” “SubscribedURL” = “file:///C:/DOCUME~1/xxxx/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg” HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\3\ “FriendlyName” = “” “Source” = “http://big.fingo.info/iza/zdjecia/25tc.jpg ” “SubscribedURL” = “http://big.fingo.info/iza/zdjecia/25tc.jpg ” Startup items in “xxxx” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “NkbMonitor.exe” -> shortcut to: “C:\Program Files\Nikon\PictureProject\NkbMonitor.exe” [“Nikon Corporation”] “RtlWake” -> shortcut to: “C:\Program Files\Realtek\Rtl8180\RtlWake.exe” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] PC Tools Auxiliary Service, sdAuxService, “C:\Program Files\Spyware Doctor\svcntaux.exe” [“PC Tools”] PC Tools Security Service, sdCoreService, “C:\Program Files\Spyware Doctor\swdsvc.exe” [“PC Tools”] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor języka BJ\Driver = “CNBJMON.DLL” [MS] ---------- (launch time: 2007-11-05 00:01:14) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 110 seconds, including 31 seconds for message boxes)
jessica
(jessica)
5 Listopad 2007 10:42
#2
>>Hijack>>scan(Do a system scan only)>>zaznacz (V) >> Fix checked .
Znasz to ?
Jeśli nie, to też sfiksuj w Hijacku.
Nic tu więcej podejrzanego nie widzę.
Możesz dać jeszcze log z ComboFix
Log wklej na http://wklej.org/ , a w poście daj tylko link.(czyli skopiuj adres z paska adresów) .
jessi
jessica, bardzo dziękuje za rady, zrobiłam jak poleciłaś, dodaje link. sprawdzam jeszcze avastem czy jest ten dialer ale strasznie wolno chodzi,…własnie sie znalazł, niestety siedzi C:\System Volume Information_restore{C3ECE69C-A59B-4DBA-9CBF-D57860EAD372}\RP117\A0018547.exe[uPX], (link do antydialera od kolegi z góry ma niepełne archiwum i nie da się otworzyć niestety) nie wiem czy to ma znaczenie ale np. gdy na stronie jest coś w formacie pdf. to acrobat płacze że nie może otworzyć, może jakaś dobra rada , i ostatni mój dylemat odnośnie plików które są w kwarantannie spyware doctora(jest ich sporo i różniste), naprawde nie mam pojęcia co mam z nimi zrobić … czy moge usunąć? czy muszą tam być , a jeżeli tak to jak długo? a gdybym chciała odinstalować ten program to co będzie z tymi insektami co w środku siedzą? jeżeli ktoś znajdzie chwilę na moje być może śmieszne problemy to będę bardzo wdzięczna… :lol: aaaa no i jak zablokować strony erotyczne to podstawa, pozdrawiam.
http://up.wklej.org/download.php?id=5e6 … 02667f7f73
jessica
(jessica)
5 Listopad 2007 12:44
#4
wirusa z folderu “System Volume Information” można usunąć najlepiej poprzez chwilowe wyłączenie “Przywracania Systemu”:
>>Panel Sterowania>>System>>Przywracanie Systemu>>zaznacz w okienku przy “Wyłącz przywracanie na wszystkich dyskach”>>Zastosuj>>OK.
Potem możesz powrócić do poprzedniego ustawienia (czyli usunąć zaznaczenie z okienka przy “Wyłącz…”
zamiast Adobe Readera lepiej jest używać "Foxit Readera–>http://dobreprogramy.pl/index.php?dz=2&id=1332&t=33 .
Jest lżejszy niż Adobe, ja go używam.
szkodniki z Kwarantanny Spybota oczywiście usuń już teraz, po co Ci one?
jessi