Wirusy, wysakujace okienka, przeskakujace strony

oldzia007 · 17 Grudzień 2007 22:25

Czesc.

Ikony na pulpicie sa podswietlone oraz wyskakuja strony reklamowe-same z siebie.

[Logfile of HijackThis v1.99.1

Scan saved at 22:19, on 2007-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\System32\svchost.exe

c:\toshiba\ivp\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\WINDOWS\system32\TFNF5.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\TAudEffect\TAudEff.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\mrofinu572.exe

C:\Program Files\ComPlus Applications\howyjosu77798.exe

C:\Program Files\Common Files\ConfidentUser\strpmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Ares\Ares.exe

C:\WINDOWS\MCROSO~1.NET\wuaclt.exe

C:\WINDOWS??crosoft\l?ass.exe

C:\Program Files\WinAble\winable.exe

C:\Documents and Settings\User\Application Data\WinTouch\WinTouch.exe

C:\Documents and Settings\User\Application Data\Microsoft\Windows\mjsbwn.exe

C:\WINDOWS\System32\dlcccoms.exe

C:\Program Files\Router\Router.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Documents and Settings\Administrator\My Documents\antywirusy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

O4 - HKLM…\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM…\Run: [000StTHK] 000StTHK.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM…\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM…\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM…\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM…\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

O4 - HKLM…\Run: [TFNF5] TFNF5.exe

O4 - HKLM…\Run: [TPSMain] TPSMain.exe

O4 - HKLM…\Run: [TFncKy] TFncKy.exe

O4 - HKLM…\Run: [TosHKCW.exe] “C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe”

O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM…\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run

O4 - HKLM…\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM…\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM…\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM…\Run: [dlccmon.exe] “C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe”

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM…\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

O4 - HKLM…\Run: [howyjosu] C:\Program Files\ComPlus Applications\howyjosu77798.exe

O4 - HKLM…\Run: [bm] “C:\Program Files\Common Files\SpyGuardPro\bm.exe” dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com

O4 - HKLM…\Run: [ptask] C:\Program Files\SpyGuardPro\ptask.exe

O4 - HKLM…\Run: [salestart] “C:\Program Files\Common Files\ConfidentUser\strpmon.exe” dm=http://confidentuser.com ad=http://confidentuser.com sd=http://inspaid.confidentuser.com

O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe”

O4 - HKCU…\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [ares] “C:\Program Files\Ares\Ares.exe” -h

O4 - HKCU…\Run: [uuse] “C:\WINDOWS\MCROSO~1.NET\wuaclt.exe” -vt yazb

O4 - HKCU…\Run: [Wjpqo] C:\WINDOWS??crosoft\l?ass.exe

O4 - HKCU…\Run: [WinAble] C:\Program Files\WinAble\winable.exe

O4 - HKCU…\Run: [WinTouch] C:\Documents and Settings\User\Application Data\WinTouch\WinTouch.exe

O4 - HKCU…\Run: [sfKg6w] C:\Documents and Settings\User\Application Data\Microsoft\Windows\mjsbwn.exe

O4 - HKCU…\Run: [Router] C:\Program Files\Router\Router.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe

O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\System32\dlcccoms.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe

O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

]

Gutek · 17 Grudzień 2007 22:31

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Pobierz program SDFix

oldzia007 · 17 Grudzień 2007 23:14

Problem z wykonaniem polecen. Po uruchomieniu SDFixx i wybraniu y pojawia sie informacja ‘starting repairs’ oraz 'checking running processes po czym okno dialogowe znika i pozostaje czarny pusty ekran.

Podobna sytuacja zaistaniala po uzyciu programy combofix z ta roznica, ze dokonczyl skanowanie i jak tylko zaczal usuwac problemy czesto pojawiala sie informacja ‘access is denied’ po czym wszystko zniknelo.

W tej chwili nie mam juz zadnych ikonek na pulpicie i sama juz nie wiem jak udalo mi sie wejsc na te strone.

boczi · 17 Grudzień 2007 23:21

Proszę zastosować się do poleceń Gutek2222 i edytować swój pierwszy post.

oldzia007 · 18 Grudzień 2007 19:11

Komputer sie jakby “wyspal” i udalo sie uruchomic SDFIX.(Mozliwe takze ,ze to ja cos poknocilam)

Oto raport:

SDFix: Version 1.118 Run by Administrator on Tue 12/18/2007 at 06:39 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\PROGRA~1\MSN\PROKYB~1.HTM - Deleted C:\PROGRA~1\MSN\LABUMU~1 - Deleted C:\PROGRA~1\COMPLU~1\HOWYJO~1.EXE - Deleted C:\WINDOWS\mrofinu572.exe.tmp - Deleted C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe - Deleted C:\Program Files.autoreg - Deleted C:\WINDOWS\mrofinu1000106.exe - Deleted C:\WINDOWS\mrofinu572.exe - Deleted C:\WINDOWS\mrofinu572.exe.tmp - Deleted C:\WINDOWS\system32\atmtd.dll - Deleted C:\WINDOWS\system32\atmtd.dll._ - Deleted C:\WINDOWS\uninstall_nmon.vbs - Deleted Folder C:\Program Files\InetGet2 - Removed Folder C:\Program Files\Network Monitor - Removed Folder C:\Program Files\Temporary - Removed Folder C:\Program Files\WinAble - Removed Folder C:\Temp\1cb - Removed Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 18:54:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … scanning hidden registry entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Ares\Ares.exe”=“C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 30 Oct 2007 5,903,928 A…H. — “C:\Program Files\Picasa2\setup.exe” Tue 2 Aug 2005 187,904 A.SHR — “C:\WINDOWS\VXNlcg\asappsrv.dll” Sun 19 Aug 2007 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Fri 27 Jul 2007 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT5.tmp” Wed 19 Sep 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\5b662b7887793c36c7b10d29ea0e0cdc\BIT3.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT4.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT6.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT2.tmp” Finished!

I teraz log z combofix:

ComboFix 07-12-18.1 - Administrator 2007-12-18 20:13:24.9 - NTFSx86 MINIMAL Running from: C:\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\NetworkService\Application Data\NetMon C:\Documents and Settings\User\ResErrors.log C:\Documents and Settings\User\Start Menu\Programs\Outerinfo C:\Documents and Settings\User\Start Menu\Programs\Outerinfo\Terms.lnk C:\Documents and Settings\User\Start Menu\Programs\Outerinfo\Uninstall.lnk C:\Program Files\outerinfo C:\WINDOWS\crosof~1 C:\WINDOWS\mcroso~1.net C:\WINDOWS\mcroso~1.net\M?crosoft.NET\ C:\WINDOWS\system32\opnkkkh.dll C:\WINDOWS\system32\ssqqrqo.dll C:\WINDOWS\system32\uuutv.ini C:\WINDOWS\system32\uuutv.ini2 C:\WINDOWS\system32\vtuuu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CMDSERVICE -------\LEGACY_NETWORK_MONITOR -------\cmdService -------\Network Monitor ((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))) . 2007-12-18 20:08 . 2007-12-18 20:08 1,477,761 --a------ C:\ComboFix.exe 2007-12-18 18:31 . 2007-12-18 18:31 1,224,787 --a------ C:\SDFix.exe 2007-12-17 19:38 . 2007-12-17 19:38 2007-12-17 19:32 . 2007-12-17 20:21 2007-12-17 19:32 . 2007-12-17 19:32 2007-12-17 19:32 . 2007-12-17 19:32 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:08 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-17 19:07 . 2007-12-17 19:46 2007-12-17 18:53 . 2007-12-18 00:05 2007-12-17 18:53 . 2007-12-17 18:53 2007-12-17 18:53 . 2007-12-17 18:53 2007-12-17 18:53 . 2007-12-17 18:53 2007-12-17 18:53 . 2007-12-17 18:53 2007-12-16 11:24 . 2007-12-16 11:24 2007-12-03 23:11 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-12-03 23:11 . 2004-08-03 23:00 22,016 --a–c— C:\WINDOWS\system32\dllcache\msircomm.sys 2007-12-03 21:04 . 2007-12-03 21:04 2007-12-03 20:42 . 2007-12-03 21:13 97 --a------ C:\WINDOWS\WirelessFTP.INI 2007-12-03 20:17 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys 2007-12-03 20:17 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys 2007-12-03 20:17 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys 2007-12-03 20:17 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys 2007-12-03 20:17 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys 2007-12-03 20:17 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys 2007-12-03 20:17 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys 2007-12-03 20:17 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys 2007-12-03 20:17 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys 2007-12-03 20:12 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys 2007-12-03 20:12 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys 2007-12-03 20:12 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys 2007-12-03 20:12 . 2007-12-03 20:12 0 --a------ C:\WINDOWS\mngui.INI 2007-12-03 20:11 . 2007-12-03 23:11 2007-12-03 20:07 . 2007-12-03 20:07 2007-12-03 20:02 . 2007-12-03 20:02 2007-12-03 20:02 . 2007-12-03 20:02 2007-12-03 20:01 . 2007-12-03 20:01 2007-12-03 20:01 . 2007-12-03 20:01 2007-12-03 20:01 . 2007-12-03 20:02 2007-12-03 20:01 . 2007-12-03 20:02 2007-12-03 19:55 . 2007-12-11 20:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:55 . 2007-12-03 19:55 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-18 18:36 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-16 21:10 --------- d-----w C:\Documents and Settings\User\Application Data\Skype 2007-12-13 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-10 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-05 00:17 --------- d-----w C:\Documents and Settings\User\Application Data\Nokia Multimedia Player 2007-12-05 00:15 --------- d-----w C:\Documents and Settings\User\Application Data\Nokia 2007-12-04 23:39 --------- d-----w C:\Documents and Settings\User\Application Data\PC Suite 2007-12-03 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-20 23:42 --------- d-----w C:\Program Files\Dl_cats 2007-11-17 15:04 --------- d-----w C:\Program Files\Microsoft Works 2007-11-13 19:07 --------- d-----w C:\Documents and Settings\User\Application Data\Simply Super Software 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 20:29 --------- d-----w C:\Program Files\Picasa2 2007-11-10 13:42 --------- d-----w C:\Program Files\CDCopy 2007-11-10 12:53 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-02 21:38 4,680 ----a-w C:\WINDOWS\system32\tmp.reg 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 19:33 --------- d-----w C:\Program Files\Murator 2007-10-28 19:14 --------- d-----w C:\Program Files\3k 2007-10-28 15:57 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-28 13:48 --------- d-----w C:\Program Files\Common Files\SWF Studio 2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-26 16:31 --------- d-----w C:\Program Files\Common Files\Real 2007-09-26 21:33 2,647,172 ----a-w C:\icytower(dobreprogramy.pl).exe 2005-08-02 16:46 187,904 --sha-r C:\WINDOWS\VXNlcg\asappsrv.dll 2005-07-29 16:24 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{77AD0C91-34CC-4579-9FB5-213FA57596B8}] C:\Program Files\MSN\labumu356.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{B8CCC722-8C59-42FC-9176-4F5005E685D6}] C:\Program Files\Messenger\hope83122.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NVIEW”=“nview.dll” [2003-12-10 14:50 C:\WINDOWS\system32\nview.dll] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2003-09-05 11:24] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 16:24] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 07:56] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “00THotkey”=“C:\WINDOWS\System32\00THotkey.exe” [2003-11-21 22:49] “000StTHK”=“000StTHK.exe” [2001-06-24 04:28 C:\WINDOWS\system32\000StTHK.exe] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 07:56 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2003-12-10 14:50 C:\WINDOWS\system32\nwiz.exe] “LtMoh”=“C:\Program Files\ltmoh\Ltmoh.exe” [2003-01-03 00:16] “AGRSMMSG”=“AGRSMMSG.exe” [2003-04-18 19:20 C:\WINDOWS\agrsmmsg.exe] “Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2003-10-31 00:46] “TMESRV.EXE”=“C:\Program Files\TOSHIBA\TME3\TMESRV31.exe” [2003-12-10 04:50] “TMERzCtl.EXE”=“C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe” [2003-10-07 01:43] “TMESBS.EXE”=“C:\Program Files\TOSHIBA\TME3\TMESBS32.exe” [2003-08-01 22:56] “DpUtil”=“C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe” [2003-11-12 04:19] “TFNF5”=“TFNF5.exe” [2003-11-18 03:42 C:\WINDOWS\system32\TFNF5.exe] “TPSMain”=“TPSMain.exe” [2003-12-15 19:54 C:\WINDOWS\system32\TPSMain.exe] “TFncKy”=“TFncKy.exe” [] “TosHKCW.exe”=“C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe” [2002-09-09 23:07] “SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2003-12-03 20:26] “TAudEffect”=“C:\Program Files\Toshiba\TAudEffect\TAudEff.exe” [2003-12-26 00:17] “ezShieldProtector for Px”=“C:\WINDOWS\System32\ezSP_Px.exe” [2002-08-20 18:29] “Pinger”=“C:\TOSHIBA\IVP\ISM\pinger.exe” [2005-03-17 15:37] “PRONoMgr.exe”=“c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe” [2003-12-10 09:36] “dlccmon.exe”=“C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe” [2005-07-22 19:03] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-14 22:22] “RealTray”=“C:\Program Files\Real\RealPlayer\RealPlay.exe” [] “DLCCCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll” [2005-06-07 18:38] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2004-01-14 23:33] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 14:10] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2006-11-24 01:06] “howyjosu”=“C:\Program Files\ComPlus Applications\howyjosu77798.exe” [] “bm”=“C:\Program Files\Common Files\SpyGuardPro\bm.exe” [] “ptask”=“C:\Program Files\SpyGuardPro\ptask.exe” [] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 09:17] “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” [2007-02-26 08:01] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-09-28 01:17] C:\Documents and Settings\User\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-01-14 22:38:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] c:\WINDOWS\System32\LgNotify.dll 2003-12-16 23:49 110592 c:\WINDOWS\system32\LgNotify.dll S1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2002-09-26 21:15] S2 Tmesbs;Tmesbs32;“C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe” /Service [] S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2003-12-17 04:08] S3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-01-10 03:26] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2003-02-04 20:12] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 20:16:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-18 20:17:39 . 2007-12-17 20:54:26 — E O F —

Gutek · 18 Grudzień 2007 21:13

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2t=29id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2t=29id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

oldzia007 · 18 Grudzień 2007 22:21

Mam nadzieje,ze tym razem zrobilam wszystko jak powinnam.

Nowy log:

ComboFix 07-12-19.2 - User 2007-12-18 22:12:22.10 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT 0:00] Running from: C:\ComboFix.exe Command switches used :: C:\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\tpBe12 C:\Temp\tpBe12\etFr.log C:\WINDOWS\system32\ineWc01 C:\WINDOWS\system32\ineWc01\ineWc011065.exe C:\WINDOWS\system32\qui4 C:\WINDOWS\system32\qui4\qopre83122.exe C:\WINDOWS\system32\zfd1 C:\WINDOWS\system32\zfd1\kolcidr311.exe C:\WINDOWS\VXNlcg C:\WINDOWS\VXNlcg\asappsrv.dll C:\WINDOWS\VXNlcg\prh5w0.vbs . ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))) . 2007-12-18 20:08 . 2007-12-18 22:08 1,478,174 --a------ C:\ComboFix.exe 2007-12-18 18:31 . 2007-12-18 18:31 1,224,787 --a------ C:\SDFix.exe 2007-12-17 19:38 . 2007-12-17 19:38 2007-12-17 19:32 . 2007-12-17 20:21 2007-12-17 19:32 . 2007-12-17 19:32 2007-12-17 19:32 . 2007-12-17 19:32 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:09 . 2007-12-17 19:09 2007-12-17 19:08 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-17 19:07 . 2007-12-17 19:46 2007-12-16 11:24 . 2007-12-16 11:24 2007-12-03 23:11 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-12-03 23:11 . 2004-08-03 23:00 22,016 --a–c— C:\WINDOWS\system32\dllcache\msircomm.sys 2007-12-03 21:04 . 2007-12-03 21:04 2007-12-03 20:42 . 2007-12-03 21:13 97 --a------ C:\WINDOWS\WirelessFTP.INI 2007-12-03 20:17 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys 2007-12-03 20:17 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys 2007-12-03 20:17 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys 2007-12-03 20:17 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys 2007-12-03 20:17 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys 2007-12-03 20:17 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys 2007-12-03 20:17 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys 2007-12-03 20:17 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys 2007-12-03 20:17 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys 2007-12-03 20:12 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys 2007-12-03 20:12 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys 2007-12-03 20:12 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys 2007-12-03 20:12 . 2007-12-03 20:12 0 --a------ C:\WINDOWS\mngui.INI 2007-12-03 20:11 . 2007-12-03 23:11 2007-12-03 20:07 . 2007-12-03 20:07 2007-12-03 20:02 . 2007-12-03 20:02 2007-12-03 20:02 . 2007-12-03 20:02 2007-12-03 20:01 . 2007-12-03 20:01 2007-12-03 20:01 . 2007-12-03 20:01 2007-12-03 20:01 . 2007-12-03 20:02 2007-12-03 20:01 . 2007-12-03 20:02 2007-12-03 19:55 . 2007-12-11 20:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:55 . 2007-12-03 19:55 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-18 22:04 --------- d-----w C:\Program Files\Dl_cats 2007-12-18 18:36 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-16 21:10 --------- d-----w C:\Documents and Settings\User\Application Data\Skype 2007-12-13 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-10 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-05 00:17 --------- d-----w C:\Documents and Settings\User\Application Data\Nokia Multimedia Player 2007-12-05 00:15 --------- d-----w C:\Documents and Settings\User\Application Data\Nokia 2007-12-04 23:39 --------- d-----w C:\Documents and Settings\User\Application Data\PC Suite 2007-12-03 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-17 15:04 --------- d-----w C:\Program Files\Microsoft Works 2007-11-13 19:07 --------- d-----w C:\Documents and Settings\User\Application Data\Simply Super Software 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 20:29 --------- d-----w C:\Program Files\Picasa2 2007-11-10 13:42 --------- d-----w C:\Program Files\CDCopy 2007-11-10 12:53 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-02 21:38 4,680 ----a-w C:\WINDOWS\system32\tmp.reg 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 19:33 --------- d-----w C:\Program Files\Murator 2007-10-28 19:14 --------- d-----w C:\Program Files\3k 2007-10-28 15:57 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-28 13:48 --------- d-----w C:\Program Files\Common Files\SWF Studio 2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-26 16:31 --------- d-----w C:\Program Files\Common Files\Real 2007-09-26 21:33 2,647,172 ----a-w C:\icytower(dobreprogramy.pl).exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{77AD0C91-34CC-4579-9FB5-213FA57596B8}] C:\Program Files\MSN\labumu356.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{B8CCC722-8C59-42FC-9176-4F5005E685D6}] C:\Program Files\Messenger\hope83122.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NVIEW”=“nview.dll” [2003-12-10 14:50 C:\WINDOWS\system32\nview.dll] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2003-09-05 11:24] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 07:56] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-07-25 17:05] “ares”=“C:\Program Files\Ares\Ares.exe” [2007-05-04 00:32] “Uuse”=“C:\WINDOWS\MCROSO~1.NET\wuaclt.exe” [] “Wjpqo”=“C:\WINDOWS??crosoft\l?ass.exe” [] “Router”=“C:\Program Files\Router\Router.exe” [2007-12-17 19:07] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “00THotkey”=“C:\WINDOWS\System32\00THotkey.exe” [2003-11-21 22:49] “000StTHK”=“000StTHK.exe” [2001-06-24 04:28 C:\WINDOWS\system32\000StTHK.exe] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 07:56 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2003-12-10 14:50 C:\WINDOWS\system32\nwiz.exe] “LtMoh”=“C:\Program Files\ltmoh\Ltmoh.exe” [2003-01-03 00:16] “AGRSMMSG”=“AGRSMMSG.exe” [2003-04-18 19:20 C:\WINDOWS\agrsmmsg.exe] “Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2003-10-31 00:46] “TMESRV.EXE”=“C:\Program Files\TOSHIBA\TME3\TMESRV31.exe” [2003-12-10 04:50] “TMERzCtl.EXE”=“C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe” [2003-10-07 01:43] “TMESBS.EXE”=“C:\Program Files\TOSHIBA\TME3\TMESBS32.exe” [2003-08-01 22:56] “DpUtil”=“C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe” [2003-11-12 04:19] “TFNF5”=“TFNF5.exe” [2003-11-18 03:42 C:\WINDOWS\system32\TFNF5.exe] “TPSMain”=“TPSMain.exe” [2003-12-15 19:54 C:\WINDOWS\system32\TPSMain.exe] “TFncKy”=“TFncKy.exe” [] “TosHKCW.exe”=“C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe” [2002-09-09 23:07] “SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2003-12-03 20:26] “TAudEffect”=“C:\Program Files\Toshiba\TAudEffect\TAudEff.exe” [2003-12-26 00:17] “ezShieldProtector for Px”=“C:\WINDOWS\System32\ezSP_Px.exe” [2002-08-20 18:29] “Pinger”=“C:\TOSHIBA\IVP\ISM\pinger.exe” [2005-03-17 15:37] “PRONoMgr.exe”=“c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe” [2003-12-10 09:36] “dlccmon.exe”=“C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe” [2005-07-22 19:03] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-14 22:22] “RealTray”=“C:\Program Files\Real\RealPlayer\RealPlay.exe” [] “DLCCCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll” [2005-06-07 18:38] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2004-01-14 23:33] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 14:10] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2006-11-24 01:06] “howyjosu”=“C:\Program Files\ComPlus Applications\howyjosu77798.exe” [] “bm”=“C:\Program Files\Common Files\SpyGuardPro\bm.exe” [] “ptask”=“C:\Program Files\SpyGuardPro\ptask.exe” [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] “SpybotSnD”=“C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” [2005-05-31 00:04] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 09:17] “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” [2007-02-26 08:01] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-09-28 01:17] C:\Documents and Settings\User\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-01-14 22:38:08] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= C:\Program Files\MSN\prokybo.html FriendlyName= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring] c:\WINDOWS\System32\LgNotify.dll 2003-12-16 23:49 110592 c:\WINDOWS\system32\LgNotify.dll R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2002-09-26 21:15] R2 Tmesbs;Tmesbs32;“C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe” /Service [] R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-01-10 03:26] S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2003-12-17 04:08] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2003-02-04 20:12] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-19 22:14:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-19 22:15:42 C:\ComboFix2.txt … 2007-12-18 20:17 . 2007-12-17 20:54:26 — E O F —

Gutek · 19 Grudzień 2007 20:01

Optymalizacja XP: viewtopic.php?t=76580

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

oldzia007 · 20 Grudzień 2007 23:59

Wyczyscilam dysk i przeprowadzilam defragmentacje, uzylam takze regcleaner. Wszystko dziala jak powinno, a nawet lepiej. Tak tylko dla pewnosci wkleje jeszcze log z hj(zastanawia mnie czy widac efekty:) )

Kolejny raz dziekuje za pomoc, przez duze ‘d’.

[Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:21 PM, on 12/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Toshiba\TAudEffect\TAudEff.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Router\Router.exe

C:\Program Files\Ares\Ares.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

c:\toshiba\ivp\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\dlcccoms.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\imapi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

O2 - BHO: 0 - {77AD0C91-34CC-4579-9FB5-213FA57596B8} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: (no name) - {B8CCC722-8C59-42FC-9176-4F5005E685D6} - (no file)

O4 - HKLM…\Run: [bm] “C:\Program Files\Common Files\SpyGuardPro\bm.exe” dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com

O4 - HKLM…\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [TPSMain] TPSMain.exe

O4 - HKLM…\Run: [TosHKCW.exe] “C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe”

O4 - HKLM…\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM…\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM…\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM…\Run: [TFNF5] TFNF5.exe

O4 - HKLM…\Run: [TFncKy] TFncKy.exe

O4 - HKLM…\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM…\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM…\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM…\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

O4 - HKLM…\Run: [dlccmon.exe] “C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe”

O4 - HKLM…\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM…\Run: [000StTHK] 000StTHK.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Wjpqo] C:\WINDOWS??crosoft\l?ass.exe

O4 - HKCU…\Run: [uuse] “C:\WINDOWS\MCROSO~1.NET\wuaclt.exe” -vt yazb

O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU…\Run: [Router] C:\Program Files\Router\Router.exe

O4 - HKCU…\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU…\Run: [ares] “C:\Program Files\Ares\Ares.exe” -h

O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘SYSTEM’)

O4 - HKUS\S-1-5-18…\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)

O4 - HKUS\S-1-5-18…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘Default user’)

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll