Żadna aplikacja nie odpowiada

Rikson · 16 Sierpień 2007 16:42

Witam wszystkich!

Ponieważ to jest mój pierwszy post na tym forum, prosze o wyrozumiałośc ze strony moderatorów.

Pisze tutaj ponieważ mam problem ze swoim kompem. Otóż od jakiegoś czasu zaczął zachowywać się poniżej krytyki…

CHodzi wolno jak mułłł … Czekam po 2 minuty na urucomienie każdej aplikacji, a czasami uruchomi mi się nawet windows, wskakuje mi widok na pulpit, a później nie mogę nic uruchomić.Po prostu żadna aplikacja nie odpowiada. MIałem także problem z dziwnym dialerem…mam nadzieję,że już zniknął lecz sam nie wiem… po prostu uruchamiał mi stronki o wiadomej treści- a to tymbardziej dziwi ponieważ nikt z tego komputera nie przeglada teg o typu stron. Poza tym mam jeszcze jeden problem. Otóż przy każdym uruchamianiu sytemu (WindowsXP pojawia mi się informacja, że mogłem paść ofiarą fałszowania systemu operacyjnego i musze czakac na takie odliczanie od 5s w dół na cotrace w sumie sporo czasu.Czy możecie mi jakos pomoc z tym calym syfem. Bo zaczynam juz rozwazac format partycji… lecz od czasów windows 98 tego nie robilem,wiec takze przydaloby mi sie nawet z tym wsparcie. Nie jestem specjalista w tych sprawach wiec bede wdzieczny za kazda rade. Ponizej umieszczam log z hijacka, postaram sie takze o log z combofixa w najblizszym czasie. Dodam takze,ze mam zinstalowany antyvirus AOL oraz SUPERAntipyware, ktory juz mi troche syfu wykurzyl.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:19:53, on 2007-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\AdventNet\ME\EventLog\bin\wrapper.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\AdventNet\ME\EventLog\mysql\bin\mysqld-nt.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE C:\WINDOWS\mHotkey.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\AGRSMMSG.exe C:\program files\zte corporation\zxdsl852\CnxDslTb.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spyware Process Detector\spydetector.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Kalendarz XP\Kalendarz.exe F:\programy\HijackThis.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\WINDOWS\system32\cmd.exe C:\AdventNet\ME\EventLog\bin\SysEvtCol.exe C:\AdventNet\ME\EventLog\jre\bin\java.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu35C\AOL_security_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu35C\AOL_security_toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM…\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [Pop3trap.exe] “C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe” O4 - HKLM…\Run: [pccguide.exe] “C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe” O4 - HKLM…\Run: [PCCClient.exe] “C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe” O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [CnxDslTaskBar] “c:\program files\zte corporation\zxdsl852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [aol] “C:\Program Files\AOL\Active Virus Shield\avp.exe” O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Komunikator] C:\PROGRA~1\Tlen.pl\tlen.exe O4 - HKCU…\Run: [AMP Agent] C:\Program Files\Common Files\ARS Company\Agent\Agent.exe O4 - HKCU…\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU…\Run: [spyprodetector] C:\Program Files\Spyware Process Detector\spydetector.exe TRAY O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … 0.0.15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3240351656 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe – End of file - 8433 bytes

Gutek · 16 Sierpień 2007 21:20

Daj log z ComboFix

Rikson · 17 Sierpień 2007 18:25

A oto i log z ComboFix

ComboFix 07-08-14.4 - “B” 2007-08-17 19:49:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.8 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\B\DANEAP~1.\hidires C:\DOCUME~1\B\MENUST~1.\crazy girls.lnk C:\WINDOWS\dialerexe.ini C:\WINDOWS\exefld C:\WINDOWS\hosts C:\WINDOWS\svchost.exe C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\tzylvxf.dat C:\WINDOWS\system32\tzylvxf.exe C:\WINDOWS\system32\tzylvxf_nav.dat C:\WINDOWS\system32\tzylvxf_navps.dat ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\m_hook -------\NPF ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 ))))))))))))))))))))))))))))))) 2007-08-17 19:29 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-15 13:14 360,448 --a------ C:\WINDOWS\system32\myodbc3.dll 2007-08-15 13:08 2007-08-15 13:06 2007-08-13 15:47 2007-08-11 22:09 2007-08-09 21:30 2007-08-09 19:19 2007-08-09 19:18 2007-08-09 19:18 2007-08-09 19:17 2007-08-03 18:19 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-17 20:05 42203424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-17 20:05 1714720 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-17 20:03 571448 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-08-17 20:03 164840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-08-17 20:01 --------- d-------- C:\Program Files\Kalendarz XP 2007-08-17 15:43 --------- d-------- C:\Program Files\eMule 2007-08-15 13:06 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-13 15:47 --------- d-------- C:\Program Files\Google 2007-08-11 22:23 --------- d-------- C:\Program Files\Picasa2 2007-08-09 20:27 --------- d-------- C:\Program Files\NAPI-PROJEKT 2007-07-15 18:00 --------- d-------- C:\Program Files\CDex_150 2007-07-15 12:51 --------- d-------- C:\DOCUME~1\B\DANEAP~1\Teleca 2007-07-15 12:43 --------- d-------- C:\DOCUME~1\B\DANEAP~1\Sony Ericsson 2007-07-15 12:42 --------- d-------- C:\Program Files\Sony Ericsson 2007-07-15 12:42 --------- d-------- C:\Program Files\Common Files\Teleca Shared 2007-07-15 12:42 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2007-07-14 12:37 --------- d-------- C:\Program Files\Neostrada TP 2007-06-28 12:52 --------- d-------- C:\Program Files\Managed DirectX (0901) 2007-06-28 12:51 --------- d-------- C:\Program Files\FrostWire 2007-06-26 11:55 --------- d-------- C:\Program Files\Codec Pack - All In 1 2007-06-26 11:53 --------- d-------- C:\Program Files\Windows Media Connect 2 2007-05-14 17:48 477 --a------ C:\Program Files\INSTALL.LOG 2007-03-19 20:13 6422611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe 2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe 2007-05-04 10:09:29 6,144 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\10_credui.dll\Thumbs.db 2007-05-04 10:35:00 43,008 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\12_explorer.exe\Thumbs.db 2007-05-04 10:34:49 15,872 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\13_fontext.dll\Thumbs.db 2007-05-04 10:35:16 25,600 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\16_inetcplc.dll\Thumbs.db 2007-05-04 10:09:32 7,680 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\19_keymgr.dll\Thumbs.db 2007-05-04 10:09:38 32,768 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\20_logon.scr\Thumbs.db 2007-05-04 10:09:33 10,752 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\23_moricons.dll\Thumbs.db 2007-05-04 10:35:31 22,528 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\24_msgina.dll\Thumbs.db 2007-05-04 10:36:38 65,536 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\25_mshtml.dll\Thumbs.db 2007-05-04 10:35:24 13,824 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\26_mspaint.exe\Thumbs.db 2007-05-04 10:30:39 13,312 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\27_mstask.dll\Thumbs.db 2007-05-04 10:09:32 7,168 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\28_mstscax.dll\Thumbs.db 2007-05-04 12:08:59 10,240 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\29_mydocs.dll\Thumbs.db 2007-05-04 12:06:53 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\31_netid.dll\Thumbs.db 2007-05-04 10:09:31 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\32_netshell.dll\Thumbs.db 2007-05-04 12:04:38 22,528 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\33_newdev.dll\Thumbs.db 2007-05-04 10:09:34 5,632 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\34_notepad.exe\Thumbs.db 2007-05-04 10:36:30 17,920 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\35_ntshrui.dll\Thumbs.db 2007-05-04 10:09:34 8,704 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\37_occache.dll\Thumbs.db 2007-05-04 10:09:34 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\39_printui.dll\Thumbs.db 2007-05-04 10:29:54 9,728 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\3_browseui.dll\Thumbs.db 2007-05-04 10:09:34 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\40_rasdlg.dll\Thumbs.db 2007-05-04 12:09:15 26,624 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\41_regedit.exe\Thumbs.db 2007-05-04 10:09:35 8,192 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\42_shdoclc.dll\Thumbs.db 2007-05-04 10:09:35 7,680 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\43_shdocvw.dll\Thumbs.db 2007-05-04 12:06:20 105,472 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\44_shell32.dll\Thumbs.db 2007-05-04 10:09:48 7,680 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\45_shimgvw.dll\Thumbs.db 2007-05-04 10:09:48 5,632 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\46_shlwapi.dll\Thumbs.db 2007-05-04 10:09:48 5,632 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\47_sndrec32.exe\Thumbs.db 2007-05-04 10:09:49 7,168 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\48_sndvol32.exe\Thumbs.db 2007-05-04 12:08:43 45,568 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\49_stobject.dll\Thumbs.db 2007-05-04 10:29:58 9,728 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\4_cabview.dll\Thumbs.db 2007-05-04 10:09:49 7,680 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\51_sysocmgr.exe\Thumbs.db 2007-05-04 10:09:49 8,704 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\52_syssetup.dll\Thumbs.db 2007-05-04 12:07:52 27,648 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\53_taskmgr.exe\Thumbs.db 2007-05-04 10:09:50 7,680 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\55_themeui.dll\Thumbs.db 2007-05-04 10:09:50 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\57_url.dll\Thumbs.db 2007-05-04 10:09:50 7,168 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\58_urlmon.dll\Thumbs.db 2007-05-04 10:09:51 8,192 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\59_webcheck.dll\Thumbs.db 2007-05-04 10:30:00 6,656 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\5_calc.exe\Thumbs.db 2007-05-04 10:09:51 8,704 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\60_wiaacmgr.exe\Thumbs.db 2007-05-04 12:09:52 29,184 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\61_wininet.dll\Thumbs.db 2007-05-04 10:09:52 7,168 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\63_winsrv.dll\Thumbs.db 2007-05-04 10:32:39 102,912 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\64_xpsp2res.dll\Thumbs.db 2007-05-04 10:31:29 18,432 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\65_zipfldr.dll\Thumbs.db 2007-05-04 10:09:52 6,656 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\66_logonui.exe\Thumbs.db 2007-05-04 10:09:52 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\67_iexplore.exe\Thumbs.db 2007-05-04 12:05:24 18,432 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\68_msimn.exe\Thumbs.db 2007-05-04 10:29:36 48,128 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\69_msoeres.dll\Thumbs.db 2007-05-04 10:30:02 9,728 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\6_cleanmgr.exe\Thumbs.db 2007-05-04 10:31:56 16,896 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\70_wmplayer.exe\Thumbs.db 2007-05-04 10:31:49 145,920 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\71_wmploc.dll\Thumbs.db 2007-05-04 10:09:29 5,120 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\7_cmd.exe\Thumbs.db 2007-05-04 10:30:06 9,216 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\8_cmdial32.dll\Thumbs.db 2007-05-04 10:09:29 5,120 -csha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\9_console.dll\Thumbs.db ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-04-06 19:36] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2003-12-13 02:50] “ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe” [2004-04-17 12:41] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-04-13 06:07] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35] “SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe” [2004-06-03 23:05] “mouseElf”=“C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE” [2003-05-13 11:41] “CHotkey”=“mHotkey.exe” [2002-07-05 17:37 C:\WINDOWS\mHotkey.exe] “Pop3trap.exe”=“C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe” [] “pccguide.exe”=“C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe” [] “PCCClient.exe”=“C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe” [] “ASUS Probe”=“C:\Program Files\ASUS\Probe\AsusProb.exe” [2002-12-06 17:07] “AGRSMMSG”=“AGRSMMSG.exe” [2004-06-29 10:06 C:\WINDOWS\AGRSMMSG.exe] “CnxDslTaskBar”=“c:\program files\zte corporation\zxdsl852\CnxDslTb.exe” [2005-07-21 22:52] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2005-07-21 08:33] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2005-07-21 08:33] “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [] “aol”=“C:\Program Files\AOL\Active Virus Shield\avp.exe” [2006-05-30 13:13] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-06-16 01:15] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2007-05-28 10:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:44] “VD”="" [] “Komunikator”=“C:\PROGRA~1\Tlen.pl\tlen.exe” [] “AMP Agent”=“C:\Program Files\Common Files\ARS Company\Agent\Agent.exe” [] “MailScanner”=“C:\Program Files\MKS_VIR_2006\Mks_mail.exe” [] “SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-08-11 22:03] “spyprodetector”=“C:\Program Files\Spyware Process Detector\spydetector.exe” [2007-06-15 20:50] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-08-13 19:35] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2006-10-26 17:10:00] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56] Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2004-12-18 21:59:16] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @=“Driver Group” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @=“Service” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @=“Driver” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}] @=“DiskDrive” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}] @=“Hdc” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}] @=“Keyboard” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}] @=“Mouse” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}] @=“System” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @=“Volume” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “Tmntsrv”=2 (0x2) “PCCPFW”=2 (0x2) R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys R2 eventloganalyzer;ManageEngine EventLog Analyzer 4.0;C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\…\server\default\conf\wrapper.conf R2 spydetector;spydetector;??\C:\Program Files\Spyware Process Detector\spydetector.sys R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 NTSIM;NTSIM;??\C:\WINDOWS\System32\ntsim.sys S3 SABProcEnum;SABProcEnum;??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-17 20:07:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-17 20:14:46 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-08-17 20:14 — E O F —

Plis help

qrczak13 · 17 Sierpień 2007 19:00

Syfu nie widać. Combo usunął co miał.

Czyszczenie rejestru - jv16 PowerTools 1.3.0.195 + opis.

Optymalizacja i odchudzanie Windows XP + zbędniki w autostarcie.

Przywracanie skasowanego trybu awaryjnego