Arco
(Arco)
13 January 2008 07:14
#1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:11:36, on 2008-01-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
C:\Program Files\ArcaBit\Common\TaskScheduler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MagUninstall] "C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe"
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Spik\url_wpmsg.dll
O20 - Winlogon Notify: TS_LogonListener - C:\WINDOWS\SYSTEM32\TS_LogonListener.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\Program Files\ArcaBit\Common\TaskScheduler.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6082 bytes
Gutek
(Gutek)
13 January 2008 10:52
#2
Desktop => right-click => Arrange Icons By => Auto Arrange (disable)
HJT is OK, but once you remove these entries it should be OK:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Arco
(Arco)
13 January 2008 12:03
#3
I removed the O6 entries, it didn't help. I'll also post a Silent Runners log.
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"a-squared" = ""C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60" ["Emsi Software GmbH"]
"ABRegmon" = "C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" ["ArcaBit"]
"Absolute StartUp monitor" = "C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" ["F-Group Software"]
"ArcaCheck" = "C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup" ["ArcaBit"]
"AvMenu" = "C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" ["ArcaBit"]
"DU Meter" = "C:\Program Files\DU Meter\DUMeter.exe" ["Hagel Technologies Ltd"]
"MagUninstall" = ""C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe"" ["ashampoo GmbH & Co. KG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "IE Search Band"
  -> {HKLM...CLSID} = "IE Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
  -> {HKLM...CLSID} = "Shell DocObject Viewer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
  -> {HKLM...CLSID} = "Internet Shortcut"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
  -> {HKLM...CLSID} = "Microsoft Url History Service"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "History"
  -> {HKLM...CLSID} = "History"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
  -> {HKLM...CLSID} = "Microsoft Url Search Hook"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
  -> {HKLM...CLSID} = "The Internet"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" = "IE Microsoft BrowserBand"
  -> {HKLM...CLSID} = "IE Microsoft BrowserBand"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" = "IE Fade Task"
  -> {HKLM...CLSID} = "IE Fade Task"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}" = "IE Menu Desk Bar"
  -> {HKLM...CLSID} = "IE Menu Desk Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE AutoComplete"
  -> {HKLM...CLSID} = "IE AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{43886CD5-6529-41c4-A707-7B3C92C05E68}" = "IE Navigation Bar"
  -> {HKLM...CLSID} = "IE Navigation Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}" = "IE Menu Site"
  -> {HKLM...CLSID} = "IE Menu Site"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{4B78D326-D922-44f9-AF2A-07805C2A3560}" = "IE Menu Band"
  -> {HKLM...CLSID} = "IE Menu Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" = "IE Microsoft History AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft History AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" = "IE Tracking Shell Menu"
  -> {HKLM...CLSID} = "IE Tracking Shell Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}" = "IE IShellFolderBand"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{73CFD649-CD48-4fd8-A272-2070EA56526B}" = "IE BandProxy"
  -> {HKLM...CLSID} = "IE BandProxy"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" = "IE MRU AutoComplete List"
  -> {HKLM...CLSID} = "IE MRU AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}" = "IE RSS Feeder Folder"
  -> {HKLM...CLSID} = "IE RSS Feeds Folder"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" = "IE Microsoft Shell Folder AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft Shell Folder AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}" = "IE Microsoft Multiple AutoComplete List Container"
  -> {HKLM...CLSID} = "IE Microsoft Multiple AutoComplete List Container"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" = "Microsoft Browser Architecture"
  -> {HKLM...CLSID} = "Microsoft Browser Architecture"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" = "IE Shell Rebar BandSite"
  -> {HKLM...CLSID} = "IE Shell Rebar BandSite"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}" = "IE Shell Band Site Menu"
  -> {HKLM...CLSID} = "IE Shell Band Site Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F2CF5485-4E02-4f68-819C-B92DE9277049}" = "&Links"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" = "IE Registry Tree Options Utility"
  -> {HKLM...CLSID} = "IE Registry Tree Options Utility"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" = "IE User Assist"
  -> {HKLM...CLSID} = "IE User Assist"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" = "IE Custom MRU AutoCompleted List"
  -> {HKLM...CLSID} = "IE Custom MRU AutoCompleted List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
  -> {HKLM...CLSID} = "IZArc DragDrop Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
  -> {HKLM...CLSID} = "Portable Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
  -> {HKLM...CLSID} = "Portable Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
  -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
"{97e467b4-98c6-4f19-9588-161b7773d6f6}" = "Office Document Property Handler"
  -> {HKLM...CLSID} = "Office Document Property Handler"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\propsys.dll" [MS]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar"
  -> {HKCU...CLSID} = "Pasek wyszukiwania z pulpitu systemu Windows"
     \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
  -> {HKLM...CLSID} = "Windows Search Deskbar"
     \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
  -> {HKLM...CLSID} = "Windows Desktop Search"
     \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\msnlExt.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Anti-Malware Shell Extension"
  -> {HKLM...CLSID} = "a-squared Anti-Malware Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\a-squared Anti-Malware\a2contmenu.dll" ["Emsi Software GmbH"]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
     \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL" [MS]
"{D7824897-C8DC-49b4-B790-30F7ED16A5FD}" = "ArcaVir Shell Extension"
  -> {HKLM...CLSID} = "ArcaVir Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
  -> {HKLM...CLSID} = "SpikShellExt Class"
     \InProcServer32\(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
     \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "OOBCPRO autocheck autochk * lsdelete" [file not found], [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! TS_LogonListener\DLLName = "TS_LogonListener.dll" ["ArcaBit sp. z o.o."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
INFECTION WARNING! taskmgr.exe\Debugger = "C:\Program Files\TuneUp Utilities 2006\PMLauncher.exe" ["TuneUp Software GmbH"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ArcaVirShell\(Default) = "{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"
  -> {HKLM...CLSID} = "ArcaVir Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
     \InProcServer32\(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Anti-Malware Shell Extension\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
  -> {HKLM...CLSID} = "a-squared Anti-Malware Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\a-squared Anti-Malware\a2contmenu.dll" ["Emsi Software GmbH"]
ArcaVirShell\(Default) = "{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"
  -> {HKLM...CLSID} = "ArcaVir Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ArcaBit\arcavir\avshell.dll" [null data]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
     \InProcServer32\(Default) = "D:\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Arco" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [file not found]
"Sprawdź aktualizacje paska narzędzi Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{40525A66-DB98-480D-BCF9-7AF88C1AF438}\
"ButtonText" = "ArcaVir >>"
"MenuText" = "ArcaVir >>"
"CLSIDExtension" = "{40525A66-DB98-480D-BCF9-7AF88C1AF438}"
  -> {HKLM...CLSID} = "ArcaExtIE Class"
     \InProcServer32\(Default) = "C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll" ["ArcaBit sp. z o.o"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll ,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

Missing lines (compared with English-language version):
[strings]: 2 lines

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "DesktopItemNavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS]
HIJACK WARNING! "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]
HIJACK WARNING! "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
HIJACK WARNING! "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
HIJACK WARNING! "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
HIJACK WARNING! "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

a-squared Anti-Malware Service, a2AntiMalware, ""C:\Program Files\a-squared Anti-Malware\a2service.exe"" ["Emsi Software GmbH"]
ArcaBit FileMonitor, ABFileMon, ""C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe"" ["ArcaBit"]
ArcaBit NetMonitor, ABNetMon, "C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe" ["ArcaBit"]
ArcaBit Update Service, AVUpdate, "C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe" ["ArcaBit"]
ArcaBit.Core.Configurator, ArcaBit.Core.Configurator, ""C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe"" ["ArcaBit"]
ArcaBit.TaskScheduler, ArcaBit.TaskScheduler, ""C:\Program Files\ArcaBit\Common\TaskScheduler.exe"" ["ArcaBit"]
TuneUp Design Expansion, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Usługa wyszukiwania systemu Windows, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points
  and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or
  answer "No" at the first message box.
---------- (total run time: 23 seconds, including 5 seconds for message boxes)
Gutek
(Gutek)
13 January 2008 12:26
#4
When you disable ArcaBit, does it work?
Desktop => right-click => Arrange Icons By => Auto Arrange (disable)
TuneUp Utilities 2006 - what did you do with it?
You've messed something up, and I don't know what you did yesterday?
Post a ComboFix log from Safe Mode.
Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350
Arco
(Arco)
13 January 2008 13:02
#5
When you disable ArcaBit, does it work?
Desktop => right-click => Arrange Icons By => Auto Arrange (disable)
Yes, I have it disabled.
"Arco" - 2008-01-13 13:52:32 Dodatek Service Pack 2 [SAFE MODE]
ComboFix 07-05.21.6.V - Running from: "J:\Programy do kasowania syf"

((((((((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-13 ))))))))))))))))))))))))))))))))))

2008-01-13 13:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2008-01-11 20:57 83,392 --a------ C:\WINDOWS\system32\prfc0415.dat
2008-01-11 20:57 470,628 --a------ C:\WINDOWS\system32\prfh0415.dat
2008-01-11 20:06
2008-01-11 19:38
2008-01-11 19:38
2008-01-11 19:36
2008-01-11 08:33
2008-01-10 10:22
2008-01-07 10:50
2008-01-07 10:47
2008-01-06 11:07
2008-01-05 17:24
2008-01-04 20:08
2008-01-04 17:08 6,553,600 --a------ C:\DOCUME~1\Arco\ntuser.dat
2008-01-04 17:08 1,200,128 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2008-01-03 14:11
2008-01-02 19:47
2008-01-02 19:46
2008-01-01 21:30
2008-01-01 21:26
2008-01-01 21:26
2008-01-01 21:26
2007-12-19 13:45
2007-12-16 20:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-16 20:22 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-16 14:28
2007-12-15 11:58
2007-12-15 11:56 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-15 11:56 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-15 11:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-15 11:56
2007-12-13 21:18
2007-12-13 21:18
2007-12-13 21:18
2007-12-13 21:18
2007-12-13 20:54 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-12-13 20:54
2007-12-13 20:54
2007-12-13 20:54

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-13 12:49:30 -------- d-----w C:\Program Files\Kalendarz XP
2008-01-13 12:06:12 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\The Bat! Pwd
2008-01-12 09:02:00 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 22:08:46 -------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-11 19:05:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 18:52:34 -------- d-----w C:\Program Files\jv16 PowerTools
2008-01-11 18:38:37 -------- d-----w C:\Program Files\VS Revo Group
2008-01-11 18:38:08 -------- d-----w C:\Program Files\WINnerTweak3
2008-01-11 18:38:05 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-01-11 18:15:17 84,400 ----a-w C:\WINDOWS\system32\perfc015.dat
2008-01-11 18:15:17 472,662 ----a-w C:\WINDOWS\system32\perfh015.dat
2008-01-11 11:01:56 11,720 ----a-w C:\WINDOWS\unins000.dat
2008-01-10 09:11:45 -------- d-----w C:\Program Files\Advanced System Optimizer
2008-01-04 15:46:01 -------- d-----w C:\Program Files\Yahoo!
2008-01-04 15:46:01 -------- d-----w C:\Program Files\Xvid
2008-01-04 15:46:01 -------- d-----w C:\Program Files\WinSysClean 2007
2008-01-04 15:46:01 -------- d-----w C:\Program Files\altcmd
2008-01-04 15:46:01 -------- d-----w C:\Program Files\Acronis
2008-01-04 15:46:01 -------- d-----w C:\Program Files\1-abc
2008-01-04 15:46:00 -------- d--h--w C:\Program Files\WindowsUpdate
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Windows NT
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Windows Live
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Windows Desktop Search
2008-01-04 15:46:00 -------- d-----w C:\Program Files\VIA
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Usługi online
2008-01-04 15:46:00 -------- d-----w C:\Program Files\UltraISO
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Trend Micro
2008-01-04 15:46:00 -------- d-----w C:\Program Files\The Bat!
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Tall Emu
2008-01-04 15:46:00 -------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-01-04 15:46:00 -------- d-----w C:\Program Files\smplayer
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Skype
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Safer Networking
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Realtek Sound Manager
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Paragon Software
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Opera 9.5 beta
2008-01-04 15:46:00 -------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-04 15:46:00 -------- d-----w C:\Program Files\MSXML 6.0
2008-01-04 15:46:00 -------- d-----w C:\Program Files\MSXML 4.0
2008-01-04 15:46:00 -------- d-----w C:\Program Files\MSN Gaming Zone
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Movie Maker
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Microsoft.NET
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Microsoft Works
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Microsoft Kalkulator Plus
2008-01-04 15:46:00 -------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Messenger
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Marvell
2008-01-04 15:46:00 -------- d-----w C:\Program Files\MAGIX
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Lavalys
2008-01-04 15:46:00 -------- d-----w C:\Program Files\IZArc
2008-01-04 15:46:00 -------- d-----w C:\Program Files\Internet Translator 2(2)
2008-01-04 15:45:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Internet Translator 2
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Intel
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Hide Folders XP 2
2008-01-04 15:45:59 -------- d-----w C:\Program Files\HEXelon MAX 6
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Google(2)
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Google
2008-01-04 15:45:59 -------- d-----w C:\Program Files\Foxit Software
2008-01-04 15:45:59 -------- d-----w C:\Program Files\F-Group
2008-01-04 15:45:59 -------- d-----w C:\Program Files\CleanMyPC
2008-01-04 15:45:59 -------- d-----w C:\Program Files\CCleaner
2008-01-04 15:45:59 -------- d-----w C:\Program Files\AvRack
2008-01-04 15:45:58 -------- d-----w C:\Program Files\Ashampoo
2008-01-01 20:29:19 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 21:12:41 3,374 ----a-w C:\WINDOWS\unins001.dat
2007-12-05 12:35:56 3,049 ----a-w C:\WINDOWS\mozver.dat
2007-12-04 18:38:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-04 18:38:12 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 18:38:08 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-04 18:38:08 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-04 18:38:08 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-04 18:38:02 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-04 18:38:02 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-04 18:36:22 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-04 18:36:22 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-04 18:36:16 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-04 18:36:16 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-04 18:36:16 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-04 18:36:16 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-04 18:36:16 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-04 18:36:16 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-04 18:36:14 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 18:36:14 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 18:36:14 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 18:36:14 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-04 18:35:48 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 18:35:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 18:54:03 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\FMA
2007-11-25 17:27:27 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\Leadertech
2007-11-24 21:03:04 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\AdobeAUM
2007-11-24 21:03:03 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\AdobeUM
2007-11-24 20:42:28 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\Teleca
2007-11-24 20:34:24 -------- d-----w C:\DOCUME~1\Arco\DANEAP~1\Sony Ericsson
2007-11-24 20:30:55 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-24 20:30:23 -------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-17 09:59:06 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29:33 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44:30 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49:24 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2007-12-28 09:48]
"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 11:41]
"Absolute StartUp monitor"="C:\Program Files\F-Group\Absolute StartUp\ASMon.exe" [2007-07-03 12:59]
"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2007-11-22 10:54]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2007-12-05 10:24]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18]
"MagUninstall"="C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe" [2007-11-02 15:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]
TS_LogonListener.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\instaluj.exe /VERYSILENT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\systems.com
start\command- RECYCLER\systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e185aa9-2718-11dc-96dd-806d6172696f}]
AutoRun\command- G:\instaluj.exe /VERYSILENT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c3eba4-62b9-11dc-be28-001485bb5c1d}]
Auto\command- I:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- I:\activexdebugger32.exe f
open\Command- I:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7344da0-a0bd-11dc-bf80-001485bb5c1d}]
AutoRun\command- I:\USBNB.exe

Contents of the 'Scheduled Tasks' folder
2008-01-04 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-01-06 01:16:00 C:\WINDOWS\tasks\MP Scheduled Scan.job
2008-01-13 12:11:02 C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:55:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2008-01-13 13:56:05
C:\ComboFix-quarantined-files.txt ... 2008-01-13 13:56
C:\ComboFix2.txt ... 2008-01-13 13:45
--- E O F ---
Gutek
(Gutek)
13 January 2008 13:10
#6
When you disable the antivirus, I asked, does the desktop work? Maybe you set something in ArcaVir.
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe - are you no longer using it?
Paste into Notepad:
File::
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- just like in this picture ->
(if the question " 1 or 2 " appears - type 1 and press ENTER) The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
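The MountPoints2 keys in the ComboFix log above (the RECYCLER\systems.com and I:\activexdebugger32.exe autorun commands on removable volumes) are why the script deletes that whole key. As an added example, not code from this thread or from ComboFix, here is a small Python script that pulls the per-volume autorun commands out of a log section in that shape and sorts out the ones a helper would look at first. The input is a constructed copy of the thread's block plus one made-up benign entry (volume E:), and the three triage rules (RECYCLER path, indirect launch via ShellExec_RunDLL, executable in the root of a non-system drive) are the example's own heuristics, not ComboFix's logic.

```python
"""Triage of MountPoints2 autorun entries in a ComboFix-style log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the MountPoints2 block in the shape ComboFix prints it under
# "Reg Loading Points". The G:, Z:, {89c3...} and {e734...} keys mirror the thread;
# the E: key is a made-up benign entry (autorun from a subfolder, not a drive root).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Setup\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\instaluj.exe /VERYSILENT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\systems.com
start\command- RECYCLER\systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c3eba4-62b9-11dc-be28-001485bb5c1d}]
Auto\command- I:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- I:\activexdebugger32.exe f
open\Command- I:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7344da0-a0bd-11dc-bf80-001485bb5c1d}]
AutoRun\command- I:\USBNB.exe

Contents of the 'Scheduled Tasks' folder
"""

# A MountPoints2 sub-key header: "[HKEY_...\mountpoints2\<drive letter or volume GUID>]"
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
# A verb line as ComboFix prints it: "<verb>\command- <command line>"
VERB_RE = re.compile(r"^(\w+)\\command-\s*(.+)$", re.IGNORECASE)
# An executable sitting directly in the root of a drive, e.g. "I:\USBNB.exe"
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\\s]+\.(exe|com|scr|bat|pif)$", re.IGNORECASE)
SYSTEM_DRIVE = "C:"  # assumption: the OS lives on C:, as in the thread's log


@dataclass
class AutorunEntry:
    volume: str    # drive letter or volume GUID under MountPoints2
    verb: str      # AutoRun, open, explore, start, ...
    command: str   # command line the shell would run for that verb


def parse_mountpoints(log: str) -> list[AutorunEntry]:
    """Collect every verb/command pair found under a MountPoints2 key."""
    entries: list[AutorunEntry] = []
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries.append(AutorunEntry(current, verb.group(1), verb.group(2).strip()))
        else:
            current = None  # another registry key or a section header ends the block
    return entries


def why_suspicious(entry: AutorunEntry) -> Optional[str]:
    """Return a reason string if the command matches one of the triage rules."""
    lower = entry.command.lower()
    if "recycler\\" in lower:
        return "executable hidden under a RECYCLER folder"
    if "shellexec_rundll" in lower:
        return "launched indirectly via RunDLL32 ShellExec_RunDLL"
    target = entry.command.split()[0]
    if ROOT_EXE_RE.match(target) and not target.upper().startswith(SYSTEM_DRIVE):
        return "executable in the root of a removable/non-system drive"
    return None


def triage(log: str) -> list[tuple[AutorunEntry, str]]:
    """Parse the log and keep only the entries a helper should inspect."""
    return [(e, r) for e in parse_mountpoints(log) if (r := why_suspicious(e))]


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.volume:<40} {entry.verb:<8} {entry.command}\n    -> {reason}")
```

Run against the constructed block it lists eight of the nine entries; only the E: entry, whose autorun points into a subfolder, passes. Flagging a drive-root executable such as G:\instaluj.exe is deliberate: a legitimate CD installer looks the same in the registry as a USB worm's autorun, so the rule is a prompt to check, which is also why the CFScript above simply removes the whole MountPoints2 key rather than picking entries.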
Gutek
(Gutek)
13 January 2008 14:21
#8
Why aren't you answering my questions?
Arco
(Arco)
13 January 2008 15:18
#9
Gutek 2222, sorry, I figured it out; you put me on the right track: I had messed things up with TuneUp Utilities 2006, I restored a backup and it's fine now. As for the log, the drag-and-drop function didn't work for me, but now it's OK =D> Thanks for the help. And as for the log, I didn't know there was a new way of pasting.