ZeroSpyware.com

system · 22 Sierpień 2007 17:04

Skanując kompa Spybotem wykrył mi przeadresowany host Zreospyware.com ale nie potrafi tego usunąć możecie cos poradzić w tej sprawie? Oto logi z kompa:

Logfile of HijackThis v1.99.1 Scan saved at 18:45:01, on 2007-08-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\a-squared\a2service.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Łukasz Feluks\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - (no file) O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe” /min O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKLM…\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Milo spam killer] C:\Program Files\BBProject\Milo spam killer\Milo.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider ‘avsda.dll’ missing O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lukasz820415.spaces.live.com//Ph … nPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 2111365734 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI … b56649.cab O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Z gory dzieki

Gutek · 22 Sierpień 2007 18:36

usuń wpisy HJT

Daj log z ComboFix

Użyj programu HostsXpert i ustaw domyślne ustawienia plikowi hosts.

system · 22 Sierpień 2007 19:23

ComboFix 07-08-17.2 - “ťukasz Feluks” 2007-08-22 21:09:14.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.335 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 ))))))))))))))))))))))))))))))) 2007-08-22 21:08 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-22 19:38 2007-08-19 22:03 2007-08-19 22:03 2007-08-19 22:03 2007-08-16 17:03 2007-08-07 21:12 4,521,756 --ah----- C:\WINDOWS\system32\spython.bin 2007-08-03 22:17 2007-08-03 21:24 4,388 --a------ C:\WINDOWS\smproflt.dll 2007-08-01 21:48 2007-08-01 18:43 37,768 -ra------ C:\WINDOWS\system32\drivers\wceusbsh.sys 2007-07-28 00:03 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys 2007-07-28 00:03 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe 2007-07-28 00:03 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe 2007-07-28 00:03 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll 2007-07-26 18:53 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys 2007-07-26 18:53 2007-07-26 18:28 696,320 --a------ C:\WINDOWS\system32\libeay32.dll 2007-07-26 18:28 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-07-26 18:28 2007-07-26 18:16 2007-07-25 20:06 2007-07-22 13:34 2007-07-22 13:31 2007-07-22 13:31 2007-07-22 13:31 2007-07-22 10:02 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-22 19:27 655640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-08-22 19:27 48328480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-22 19:27 1659936 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-22 19:27 161912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-08-22 16:31 --------- d-------- C:\Program Files\SpywareBlaster 2007-08-22 04:49 --------- d-------- C:\Program Files\AntiVir PersonalEdition Premium 2007-08-18 12:46 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-18 12:46 --------- d-------- C:\Program Files\ASUS 2007-08-18 12:44 --------- d-------- C:\Program Files\VDMSound 2007-08-17 21:20 --------- d-------- C:\Program Files\a-squared 2007-08-10 20:23 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-08-10 20:23 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-08-04 14:31 --------- d-------- C:\Program Files\Lavasoft 2007-08-04 00:24 --------- d-------- C:\Program Files\WinUAE 2007-08-04 00:06 --------- d-------- C:\Program Files\QuickTime Alternative 2007-08-04 00:04 --------- d-------- C:\Program Files\Dachshund Software 2007-08-03 22:17 --------- d-------- C:\Program Files\Skype 2007-08-01 19:05 --------- d-------- C:\Program Files\Xvid 2007-07-28 10:41 --------- d-------- C:\Program Files\AutoPatcher 2007-07-26 18:17 --------- d-------- C:\Program Files\iolo 2007-07-22 13:18 --------- d-------- C:\Program Files\Ahead 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-18 21:03 --------- d-------- C:\Program Files\Yahoo! 2007-07-16 13:02 524288 --a------ C:\WINDOWS\opuc.dll 2007-07-13 12:36 --------- d-------- C:\Program Files\SereneScreen 2007-07-13 12:30 --------- d-------- C:\Program Files\Particle Fire 2 2007-07-13 01:32 765952 --------- C:\WINDOWS\system32\dllcache\vgx.dll 2007-07-09 17:57 --------- d-------- C:\Program Files\Common Files\Scanner 2007-07-09 00:37 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-08 20:16 --------- d-------- C:\Program Files\eMule 2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-27 16:09 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 16:09 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 16:09 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 16:09 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 16:09 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 16:09 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 16:08 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:30 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-25 09:40 --------- d-------- C:\Program Files\Windows Live Toolbar 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-15 22:33 65024 --a------ C:\WINDOWS\IFinst26.exe 2007-06-13 15:12 1034752 --a------ C:\WINDOWS\explorer.exe 2007-06-13 15:12 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-03 19:49 7893603 --a------ C:\WINDOWS\Screen Saver.exe 2007-06-03 19:49 411052 --a------ C:\WINDOWS\Screen Saver.scr 2007-06-03 19:49 40960 --a------ C:\WINDOWS\Screen Saver.dll 2007-06-03 13:57 360576 --a------ C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-06-01 20:43 4608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-06-01 20:43 2272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-19 21:03:20 5 --sha-w C:\WINDOWS\system32\daffaaf8_s.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HControl”=“C:\WINDOWS\ATK0100\HControl.exe” [2006-04-17 05:24] “RTHDCPL”=“RTHDCPL.EXE” [2006-04-17 03:34 C:\WINDOWS\RTHDCPL.exe] “Power_Gear”=“C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe” [2006-03-14 17:46] “avgnt”=“C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe” [2007-04-02 10:35] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-03-09 01:02] “Ad-Watch”=“C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe” [2007-07-29 22:36] “ioloDelayModule”=“C:\Program Files\iolo\System Mechanic Professional 6\delay.exe” [2005-06-08 13:31] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “Milo spam killer”=“C:\Program Files\BBProject\Milo spam killer\Milo.exe” [2006-09-28 10:14] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “FFTI”=C:\Documents and Settings\Łukasz Feluks\Dane aplikacji\Mozilla\Firefox\Profiles\90zkat11.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ForceClassicControlPanel”=1 (0x1) “NoSMConfigurePrograms”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoRecentDocsMenu”=1 (0x1) “NoSharedDocuments”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “updateMgr”=c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start “ISUSPM Startup”=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup R0 risdptsk;risdptsk;C:\WINDOWS\system32\DRIVERS\risdptsk.sys R1 avgio;avgio;??\C:\Program Files\AntiVir PersonalEdition Premium\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;“C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe” R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;“C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe” R3 ASNDIS5;ASNDIS5 Protocol Driver;??\C:\WINDOWS\system32\ASNDIS5.SYS R3 avgntflt;avgntflt;??\C:\Program Files\AntiVir PersonalEdition Premium\avgntflt.sys R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Contents of the ‘Scheduled Tasks’ folder 2007-08-19 20:03:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-22 21:10:33 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-22 21:11:28 — E O F —

Gutek · 22 Sierpień 2007 19:47

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżkę

C:\WINDOWS\system32\spython.bin

C:\WINDOWS\smproflt.dll

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Pobierz program SDFix

system · 23 Sierpień 2007 15:42

Ok pozbyłem sie tego czegoś Dziękuję Tobie bardzo za Pomoc

Gutek · 23 Sierpień 2007 15:57

daj log

system · 23 Sierpień 2007 16:20

SDFix: Version 1.99 Run by ťukasz Feluks on 2007-08-22 at 19:39 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\Documents and Settings\ťukasz Feluks\Pulpit\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" “C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1” “C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)” “C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire” “C:\Program Files\BitTorrent_DNA\dna.exe”=“C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA” “C:\Program Files\BitTorrent\bittorrent.exe”=“C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent” “C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl” “C:\Program Files\Ares\Ares.exe”=“C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows” “C:\Program Files\Spamihilator\dccproc.exe”=“C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:dccproc” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" “C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1” “C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)” Remaining Files: --------------- Registry Backups: - C:\DOCUME~1\ťUKASZ~1\Pulpit\SDFix\backups\backupreg.zip Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE Files with Hidden Attributes: C:\Documents and Settings\ťukasz Feluks\Dane aplikacji\dach100.dll C:\WINDOWS\system32\daffaaf8_s.dll C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\LocalService\NTUSER.DAT.tmp.LOG C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.tmp.LOG C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp.LOG C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.tmp.LOG C:\Documents and Settings\ťukasz Feluks\NTUSER.DAT.tmp.LOG C:\Documents and Settings\ťukasz Feluks\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.tmp.LOG C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\system32\config\SECURITY.tmp.LOG Finished

Gutek · 23 Sierpień 2007 16:36

No ok

system · 23 Sierpień 2007 18:28

Jeszcze raz dzięki za pomoc