Zawieszki windowsa

mkmk17 · 7 Sierpień 2007 20:18

powod: spowalnianie windowsa, wczoraj sie totalnie zawiesil, ze trzeba bylo poczekac na wyczerpanie baterii zanim cokolwiek ruszy.

zrobilam wiec skan komputera poprzez >ewido, znalazlo kilka zainfekowanych ciasteczek, downloader.small i trojan.obfuscated. wszystko usunelam. ponizej zrobilam i wkleilam loga z hijackthis. jestem w tych sprawach totalnym zoltodziobem, wiec poprosze o pomoc fachowcow:) dziekuje:) milej lektury 8)

Logfile of HijackThis v1.99.1 Scan saved at 20:56:10, on 2007-08-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\svchost.exe c:\program files\common files\aol\1156538315\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1156538315\ee\aolsoftware.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Documents and Settings\MK&MK\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang en O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM…\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM…\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM…\Run: [%FP%Friendly fts.exe] “C:\Program Files\VoyagerTest\fts.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [dgvmqorm] C:\WINDOWS\system32\vsdoaiqn.exe O4 - HKLM…\Run: [aol] “C:\Program Files\AOL\Active Virus Shield\avp.exe” O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{BB78FF15-2083-474E-BE49-43700A2E6EDF}: NameServer = 205.188.146.145 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

jessica · 7 Sierpień 2007 21:07

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

>>Start >>> Uruchom >>> wybierz (lub wpisz) cmd >> zastosować te komendę (po niej wciśnij “ENTER”):

Potem daj nowy log z Hijacka.

Możesz dać jeszcze log z ComboFixa:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

(na dole tej strony z linku) -

Log wklej na http://wklej.org/, a w poście daj tylko link.

.

mkmk17 · 7 Sierpień 2007 21:56

1/ usunelam 2 wpisy w hijacku

2/ nie rozumiem >>> >>Start >>> Uruchom >>> wybierz (lub wpisz) cmd>> itd. uruchamiam cdm, wyskakuje okno a w nim sciezka c:\documents and settings\ i dalej nie wiem gdzie sie ruszyc;) i jak:P

3/ log z ComboFix >>> http://wklej.org/id/c1eb86e87b

4/ ponownie hijack:

Logfile of HijackThis v1.99.1 Scan saved at 22:54:14, on 2007-08-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\svchost.exe c:\program files\common files\aol\1156538315\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1156538315\ee\aolsoftware.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\explorer.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Documents and Settings\MK&MK\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang en O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM…\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM…\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM…\Run: [%FP%Friendly fts.exe] “C:\Program Files\VoyagerTest\fts.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [aol] “C:\Program Files\AOL\Active Virus Shield\avp.exe” O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{BB78FF15-2083-474E-BE49-43700A2E6EDF}: NameServer = 205.188.146.145 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

5/ dziekuje za pomoc!

jessica · 8 Sierpień 2007 05:35

Nic więcej podejrzanego w tych logach nie widzę.

Tak więc pozostaje kwestia usunięcia tego “vsdoaiqn.exe”.

Ponieważ ja nie mam zdolności tłumaczenia, więc zrobimy inaczej.

Ściągnij OTMoveIt.

Do pola Paste List of Files/Folders to be Moved wklej poniższą ścieżkę:

Następnie wciśnij przycisk MoveIt!

Pojawi się komunikat, że jest potrzebny restart do usunięcia podanych plików/folderów- wciśnij Yes.

Po restarcie usuń ręcznie folder C:** _OTMoveIt** (Prawoklik >>> Usuń >>> Opróżnij Kosz).

Mam nadzieję, że sobie z tym poradzisz.

.

mkmk17 · 8 Sierpień 2007 10:44

uzylam OTMoveIt. po nacisnieciu move it plik powinien byc przeniesiony do okna po prawej stronie. tak tez sie stalo, tyle ze po calej sciezce byl wyswietlony napis >not found.< czyzby juz go nie bylo na kompie? dac juz sobie z tym spokoj?

z windowsa security alert> config free summit engine> blokowac? nie mam pojecia o co chosi:)

adam9870 · 8 Sierpień 2007 10:56

Bardzo prawdopodobne jest, że wskazanego pliku nie ma fizycznie na dysku, a jedynie istnieje po nim reszta w rejestrze.

Wklej komplet nowych logów (hijack+combo).

mkmk17 · 8 Sierpień 2007 13:05

prosze, tym razem jedno pod drugim.

Logfile of HijackThis v1.99.1 Scan saved at 13:59:41, on 2007-08-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe c:\program files\common files\aol\1156538315\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1156538315\ee\aolsoftware.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\MK&MK\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang en O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM…\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM…\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM…\Run: [%FP%Friendly fts.exe] “C:\Program Files\VoyagerTest\fts.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [aol] “C:\Program Files\AOL\Active Virus Shield\avp.exe” O4 - HKLM…\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

ComboFix 07-08-04.3 - “MK&MK” 2007-08-08 13:49:11.2 [GMT 1:00] - NTFS Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-07 22:26 51,200 --a------ C:\WINDOWS\nircmd.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-08 13:53 37037088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-08 13:48 891424 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-08 13:42 84572 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-08-08 13:42 496940 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-08-07 20:28 --------- d-------- C:\Program Files\Common Files\AOL 2007-08-05 18:32 --------- d-------- C:\Program Files\eMule 2007-07-20 16:38 --------- d-------- C:\Program Files\AOL 9.0 2007-07-12 23:46 --------- d-------- C:\Program Files\Picasa2 2007-06-17 16:05 --------- d-------- C:\Program Files\Google 2007-06-17 15:27 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-06-17 15:27 --------- d-------- C:\Program Files\FinePixViewer 2007-06-17 15:27 --------- d-------- C:\DOCUME~1\MK&MK\APPLIC~1\FUJIFILM 2007-05-16 16:12 86528 -----c— C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 16:12 85504 --a–c— C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 16:12 683520 -----c— C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 16:12 510976 -----c— C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 16:12 1314816 -----c— C:\WINDOWS\system32\dllcache\msoe.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 22:44] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 22:43] “Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 22:25] “NDSTray.exe”=“NDSTray.exe” [] “SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2005-05-12 10:31] “PadTouch”=“C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [2004-11-17 10:56] “dla”=“C:\WINDOWS\system32\dla\tfswctrl.exe” [2005-05-31 05:33] “CFSServ.exe”=“CFSServ.exe” [] “DSLSTATEXE”=“C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe” [2003-06-28 17:10] “DSLAGENTEXE”=“C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe” [2003-08-19 14:47] “%FP%Friendly fts.exe”=“C:\Program Files\VoyagerTest\fts.exe” [2003-05-06 10:28] “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 15:18] “HPHmon06”=“C:\WINDOWS\system32\hphmon06.exe” [2004-06-07 05:42] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe” [2004-04-06 11:28] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-08-22 20:24] “aol”=“C:\Program Files\AOL\Active Virus Shield\avp.exe” [2006-05-30 13:13] “AOLDialer”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” [2007-01-10 12:06] “HostManager”=“C:\Program Files\Common Files\AOL\1156538315\ee\AOLSoftware.exe” [2006-11-17 14:21] “REGSHAVE”=“C:\Program Files\REGSHAVE\REGSHAVE.exe” [2002-02-04 22:32] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-06-16 00:15] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-11 11:26] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MK&MK^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=C:\Documents and Settings\MK&MK\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1156538315\ee\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] C:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys R3 CAMCAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\camc6aud.sys R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys Contents of the ‘Scheduled Tasks’ folder 2006-01-29 17:48:47 C:\WINDOWS\Tasks\Registration reminder 2.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 13:53:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\24\xe1\21] “DisplayName”="\x7008\x34b\x7008\x34b\1" “DeviceDesc”="\x7008\x34b\x7008\x34b\1" “ProviderName”="\xfed4\21\xee18\x7c90\xff44\21\b" “MFG”="\x558" “ReinstallString”=“C:\WINDOWS\System32\ReinstallBackups\xe114\21\x80\xc010\DriverFiles.INF” “DeviceInstanceIds”=str(7):“c:\toolscd\display driver\sbdrv\smbus\smbusati.inf” scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-08 13:57:37 C:\ComboFix2.txt … 2007-08-07 22:36 — E O F —

qrczak13 · 9 Sierpień 2007 20:18

Logi ok.

Czyszczenie rejestru - jv16 PowerTools 1.3.0.195 + opis.

Optymalizacja i odchudzanie Windows XP