Juhne12
(Taex)
9 July 2007 14:55
#1
I turn on the computer and everything is fine, but after a moment all the icons disappear from my desktop and only the wallpaper is left. I have to open Windows Task Manager and type explorer.exe into "New Task"; the icons appear, but only for a moment, and then I have to type it again.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:54:12, on 2007-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\xsxlrpeq.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kompik\Moje dokumenty\Taex’a\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [j3271937] rundll32 C:\WINDOWS\system32\j3271937.dll sook
O4 - HKLM…\Run: [GPLv3] rundll32.exe “C:\WINDOWS\system32\wfdwrtji.dll”,realset
O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU…\Run: [µTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip…{3B7174FF-2136-41B6-A371-3160842ADAEE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{3B7174FF-2136-41B6-A371-3160842ADAEE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1 .6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xsxlrpeq.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Gutek
(Gutek)
9 July 2007 15:02
#2
Juhne12
(Taex)
9 July 2007 16:39
#3
I scanned with those 3 programs and it is already better. Now the ComboFix log:
“Kompik” - 2007-07-09 18:27:24 - ComboFix 07-07-09.3 - Dodatek Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\awvtr.dll C:\WINDOWS\system32\khfedde.dll C:\WINDOWS\system32\aihxxsqm.exe C:\WINDOWS\system32\khfedde.dll C:\WINDOWS\system32\winmqx32.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Kompik\DANEAP~1.\macromedia\Flash Player#SharedObjects\3USL4YCV\www.broadcaster.com C:\DOCUME~1\Kompik\DANEAP~1.\macromedia\Flash Player#SharedObjects\3USL4YCV\www.broadcaster.com \played_list.sol C:\DOCUME~1\Kompik\DANEAP~1.\macromedia\Flash Player#SharedObjects\3USL4YCV\www.broadcaster.com \video_queue.sol C:\DOCUME~1\Kompik\DANEAP~1.\macromedia\Flash Player\macromedia.com \support\flashplayer\sys#www.broadcaster.com C:\DOCUME~1\Kompik\DANEAP~1.\macromedia\Flash Player\macromedia.com \support\flashplayer\sys#www.broadcaster.com \settings.sol C:\Program Files\Common Files\Yazzle1162OinAdmin.exe C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\History\search C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\system32\xsxlrpeq.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 ))))))))))))))))))))))))))))))) 2007-07-09 18:03 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-07-09 17:13 2007-07-09 17:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-09 12:59 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:59 2007-07-09 12:58 2007-07-09 
11:36 50,708 --a------ C:\WINDOWS\system32\stypafap.exe 2007-07-09 10:44 2007-07-09 10:44 2007-07-08 14:43 50,708 --a------ C:\WINDOWS\system32\qxxnxigj.exe 2007-07-08 13:34 2007-07-08 13:34 2007-07-08 13:16 2007-07-01 08:11 2007-06-28 22:41 2007-06-28 11:51 2007-06-28 11:50 2007-06-25 19:29 2007-06-23 11:23 2007-06-20 16:00 2007-06-17 11:33 2007-06-15 09:28 2007-06-15 09:27 2007-06-12 16:07 2007-06-09 16:55 2007-06-09 16:55 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-09 16:31:44 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\uTorrent 2007-07-09 16:27:06 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\DMCache 2007-07-08 16:45:20 -------- d-----w C:\Program Files\English Translator 3 2007-06-29 17:04:27 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Skype 2007-06-29 08:20:48 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-27 08:10:59 -------- d-----w C:\Program Files\a-squared Free 2007-06-23 14:13:58 -------- d-----w C:\Program Files\Neostrada TP 2007-06-20 14:16:24 -------- d-----w C:\Program Files\PC-Clean 2007-06-17 14:22:31 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Image Zone Express 2007-06-15 11:45:21 -------- d-----w C:\Program Files\Gadu-Gadu 2007-06-07 08:17:30 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\IDM 2007-06-06 18:20:05 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll 2007-06-06 18:17:20 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll 2007-06-04 17:06:08 -------- d-----w C:\Program Files\Rockstar Games 2007-06-02 12:54:36 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys 2007-06-01 12:40:18 -------- d-----w C:\Program Files\CiDial 2007-06-01 09:19:57 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Vso 2007-06-01 09:19:52 81,920 ----a-w C:\DOCUME~1\Kompik\DANEAP~1\ezpinst.exe 2007-06-01 09:19:51 47,360 ----a-w C:\DOCUME~1\Kompik\DANEAP~1\pcouffin.sys 2007-06-01 08:41:13 -------- d-----w C:\Program Files\Reallusion 2007-06-01 08:34:44 642,560 
----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-01 08:34:43 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd0557.sys 2007-05-30 15:18:55 -------- d-----w C:\Program Files\AskTBar 2007-05-30 13:05:51 557,741 ----a-w C:\WINDOWS\system32\RegistryCleanerSetup.exe 2007-05-29 16:08:59 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Launchy 2007-05-29 15:12:29 263,220 --sha-w C:\WINDOWS\system32\gebcy.dll.vir 2007-05-29 15:08:57 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Lavasoft 2007-05-29 15:05:52 -------- d-----w C:\Program Files\Lavasoft 2007-05-29 14:59:11 -------- d-----w C:\Program Files\uTorrent 2007-05-29 14:42:35 -------- d-----w C:\Program Files\Winamp 2007-05-29 06:36:14 -------- d-----w C:\Program Files\Bonjour 2007-05-29 06:14:47 -------- d-----w C:\Program Files\Common Files\Macrovision Shared 2007-05-28 12:33:06 -------- d-----w C:\Program Files\Odkurzacz 2007-05-26 13:48:27 -------- d-----w C:\Program Files\SubEdit-Player 2007-05-24 16:58:45 -------- d-----w C:\Program Files\Comodo 2007-05-24 14:21:58 -------- d-----w C:\Program Files\Thomson 2007-05-22 14:31:31 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-05-19 11:30:11 2,560 ----a-w C:\WINDOWS\wspInstall.dll 2007-05-18 15:32:57 -------- d-----w C:\Program Files\Common Files\Macromedia Shared 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-16 13:14:47 -------- d-----w C:\Program Files\Common Files\MAGIX Shared 2007-05-12 11:24:13 -------- d-----w C:\Program Files\MAXON 2007-05-11 17:01:29 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Blueberry 2007-05-11 16:14:45 -------- d-----w C:\Program Files\SWiSHmax 2007-05-11 15:53:47 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll 2007-05-11 15:53:47 27,776 ----a-w C:\WINDOWS\system32\bbcap.dll 2007-05-11 15:53:47 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys 2007-05-11 15:53:34 -------- d-----w C:\Program Files\Common Files\Blueberry Software 2007-05-11 15:53:34 -------- d-----w C:\Program Files\Blueberry Software 
2007-05-11 14:29:11 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\ExportTool 2007-05-10 17:14:08 -------- d-----w C:\Program Files\Deutsch Translator 2 2007-05-10 15:32:59 -------- d-----w C:\DOCUME~1\Kompik\DANEAP~1\Ahead 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-30 08:32:36 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-11 17:04:05 14 ----a-w C:\WINDOWS\system32\systeminfo3.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{0055C089-8582-441B-A0BF-17B458C2A3A8}] 2007-02-19 16:53 79544 --a------ C:\Program Files\Internet Download Manager\IDMIECC.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] 2007-02-21 16:57 757760 --a------ C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IDMan”=“C:\Program Files\Internet Download Manager\IDMan.exe” 
[2007-04-23 14:47] “µTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2007-02-15 22:17] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoInstrumentation”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Launchy.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Launchy.lnk backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kompik^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Kompik\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kompik^Menu Start^Programy^Autostart^WinMySQLadmin.lnk] path=C:\Documents and Settings\Kompik\Menu Start\Programy\Autostart\WinMySQLadmin.lnk backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX] C:\WINDOWS\DivX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\PROGRA~1\FlashGet\Flashget.exe /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall] “C:\Program Files\FreeCall.com \FreeCall\FreeCall.exe” -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon] ipmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NliaClient] C:\Program Files\NLIA\Netpia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup] rundll32.exe “C:\WINDOWS\system32\rsiqvrik.dll”,realset [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent] “C:\Program Files\uTorrent\uTorrent.exe” Contents of the ‘Scheduled Tasks’ folder 2007-07-09 08:41:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-09 18:31:08 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … C:\WINDOWS\system32\cmd.exe [2852] 0x85C4E020 scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-09 18:32:47 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-07-09 18:32 — E O F —
Gutek
(Gutek)
9 July 2007 17:18
#4
Download The Avenger. Unpack => run => select the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:
click the Done button => now click the green light => a message should appear, then click OK (now restart).
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can run it over the registry, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
Scan with AVG Anti-Spyware 7.5 after updating