tablety.pl
Pop-up ads!




  • Closed: this topic is closed
6 replies in this topic

#1 Cyryliusz

    First Rank

  • Users
  • 3 posts

Posted 10 03 2007 - 20:13

So I'm asking for help. Not only do they get in the way while I'm gaming, they also load down my PC. Here is my log, please tell me what I should remove; the ads pop up in IE.

Logfile of HijackThis v1.99.1
Scan saved at 09:50:42, on 2007-03-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\System32\winn\winn.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Steam\Steam.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
E:\Program Files\FlashGet\flashget.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Documents and Settings\XXX\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [winn] C:\WINDOWS\System32\winn\winn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [face camp proc poke] C:\Documents and Settings\All Users\Dane aplikacji\Skip Meal Face Camp\closeinternet.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [32camp] C:\DOCUME~1\XXX\DANEAP~1\GREATD~1\setupheart.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

#2 krzysieq

    Expert Rank

  • Users +
  • 3710 posts
  • Gender: Male
  • Location: Szczecin

Posted 10 03 2007 - 20:18

Yes, we have:

O4 - HKLM\..\Run: [winn] C:\WINDOWS\System32\winn\winn.exe
O4 - HKLM\..\Run: [face camp proc poke] C:\Documents and Settings\All Users\Dane aplikacji\Skip Meal Face Camp\closeinternet.exe
O4 - HKCU\..\Run: [32camp] C:\DOCUME~1\XXX\DANEAP~1\GREATD~1\setupheart.exe

O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)

Before we start removing anything, post logs from:
- Silent Runners
- ComboScan

#3 Cyryliusz

    First Rank

  • Users
  • 3 posts

Posted 10 03 2007 - 20:55

ComboScan v20070306.20 run by XXX on 2007-03-10 at 20:50:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
11: 2007-03-10 19:51:00 UTC - RP69 - ComboScan Restore Point
10: 2007-03-06 10:03:28 UTC - RP68 - Removed Otaku Mascot
9: 2007-03-05 15:34:16 UTC - RP67 - Configured Otaku Mascot
8: 2007-03-05 12:06:32 UTC - RP66 - Installed Otaku Mascot
7: 2007-03-01 22:17:24 UTC - RP65 - Installed GTA San Andreas


-- First Restore Point --
1: 2007-02-20 22:16:48 UTC - RP59 - Usunięte Call of Duty® 2


Performed disk cleanup.


-- HijackThis (run as XXX.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:51:18, on 2007-03-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Tlen.pl\tlen.exe
D:\Steam\steam.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XXX\Pulpit\comboscan.exe
C:\DOCUME~1\XXX\Pulpit\LOST_1~3\XXX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [32camp] C:\DOCUME~1\XXX\DANEAP~1\GREATD~1\setupheart.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\XXX\Pulpit\LOST_1~3\backups\) ---------

backup-20070309-175832-301 O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
backup-20070309-175832-311 O4 - HKLM\..\Run: [face camp proc poke] C:\Documents and Settings\All Users\Dane aplikacji\Skip Meal Face Camp\closeinternet.exe
backup-20070309-175832-456 O4 - HKLM\..\Run: [winn] C:\WINDOWS\System32\winn\winn.exe
backup-20070309-175832-486 O4 - HKCU\..\Run: [32camp] C:\DOCUME~1\XXX\DANEAP~1\GREATD~1\setupheart.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S Bridge (Mostek MAC) - C:\WINDOWS\system32\drivers\bridge.sys
3R BridgeMP (Miniport mostka MAC) - C:\WINDOWS\system32\drivers\bridge.sys
0S ElbyVCD - C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys (not found)
3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys
3S HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
1R Klif - C:\WINDOWS\system32\drivers\klif.sys
0R Klpf - C:\WINDOWS\system32\drivers\Klpf.sys
0R Klpid - C:\WINDOWS\system32\drivers\Klpid.sys
3S mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
2R PStrip - C:\WINDOWS\system32\drivers\pstrip.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
0R sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfvfs02.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\System32\UAService7.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-03-05 13:03:36 260 --ah----- C:\WINDOWS\Tasks\A84DA776911E2286.job<A84DA7~1.JOB>


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-09 09:57:33 0 d-------- C:\!KillBox
2007-03-07 20:33:10 0 d-------- C:\Program Files\Endemit Studio<ENDEMI~1>
2007-03-05 13:06:32 0 d-------- C:\Program Files\Accursed Toys<ACCURS~1>
2007-03-05 13:01:31 0 d-------- C:\Program Files\great data<GREATD~1>
2007-03-05 12:54:25 0 d-------- C:\My Downloads<MYDOWN~1>
2007-03-05 12:53:42 0 d-------- C:\Program Files\BitDownload<BITDOW~1>
2007-03-03 19:29:17 0 d-------- C:\Program Files\Deluxe Ski Jump 3<DELUXE~1>
2007-02-23 07:44:51 0 d-------- C:\Program Files\Neon
2007-02-21 20:05:18 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-02-19 20:08:51 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1>
2007-02-17 20:44:12 0 d-------- C:\WINDOWS\WoWscape Server Browser<WOWSCA~1>
2007-02-15 23:02:43 0 d-------- C:\Program Files\HLTooLz
2007-02-15 23:02:37 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-15 23:02:36 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-15 17:18:51 0 d-------- C:\Program Files\Cellmons


-- Find3M Report ---------------------------------------------------------------

2007-03-10 19:50:34 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-10 17:40:07 0 d-------- C:\Program Files\Winamp
2007-03-10 16:40:08 0 d-------- C:\Program Files\PowerStrip<POWERS~1>
2007-03-10 15:16:38 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Tlen.pl
2007-03-10 13:29:25 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\MSN6
2007-03-08 23:03:44 0 d-------- C:\Program Files\Common Files\{0088678C-069C-1045-0516-030212130030}<{00886~2>
2007-03-08 23:03:42 0 d-------- C:\Program Files\Common Files\{0088678C-069B-1045-0516-030212130030}<{00886~1>
2007-03-08 21:19:54 0 d-------- C:\Program Files\eMule
2007-03-08 15:48:37 0 d-------- C:\Program Files\DOSBox-0.65
2007-03-06 11:03:38 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 16:27:34 0 d-------- C:\Program Files\Multi_Media<MULTI_~1>
2007-03-05 13:03:36 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\great data<GREATD~1>
2007-03-05 12:54:23 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\BitDownload<BITDOW~1>
2007-03-01 23:37:01 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-20 19:04:26 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Skype
2007-02-19 17:35:12 0 d-------- C:\Program Files\Google
2007-02-15 15:35:33 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-02-05 17:04:37 0 d-------- C:\Program Files\Project64 1.6<PROJEC~1.6>
2007-02-05 17:02:56 0 d---s---- C:\Documents and Settings\XXX\Dane aplikacji\Microsoft<MICROS~1>
2007-02-01 11:14:01 0 d-------- C:\Program Files\Yahoo!
2007-01-30 20:12:38 0 d-------- C:\Program Files\D-Fend
2007-01-28 16:07:51 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Qtracker
2007-01-28 14:20:49 0 d-------- C:\Program Files\directx
2007-01-25 22:57:50 256 --a------ C:\sccfg.sys
2007-01-24 19:58:26 0 d-------- C:\Program Files\Qtracker
2007-01-24 14:54:23 0 --a------ C:\wmisdt.exe
2007-01-24 14:54:23 0 --a------ C:\mvyok.exe
2007-01-24 14:54:23 0 --a------ C:\mnpw.exe
2007-01-24 14:54:23 0 --a------ C:\jhlkf.exe
2007-01-24 14:54:23 0 --a------ C:\ckib.exe
2007-01-24 14:54:22 0 --a------ C:\qinniycc.exe
2007-01-24 14:54:22 0 --a------ C:\bkktkp.exe
2007-01-24 14:54:22 0 --a------ C:\aslnb.exe
2007-01-24 13:40:27 0 d-------- C:\Program Files\InetGet2
2007-01-24 12:34:07 0 d-------- C:\Program Files\Common Files\{3088678C-069B-1045-0516-030212130030}<{30886~1>
2007-01-24 10:55:32 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-23 13:53:10 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Hamachi
2007-01-22 22:37:33 0 d-------- C:\Program Files\BloodRayne2 Demo<BLOODR~1>
2007-01-22 22:32:17 0 d-------- C:\Program Files\No-IP
2007-01-22 22:08:51 0 d--hs---- C:\Documents and Settings\XXX\Dane aplikacji\winn
2007-01-22 21:53:57 0 d-------- C:\Program Files\Hamachi
2007-01-20 00:17:17 47 --a------ C:\WINDOWS\System32\imon1.dat
2007-01-18 19:36:39 0 d-------- C:\Program Files\Game Cam v1.4<GAMECA~1.4>
2007-01-18 13:32:09 2008 --a------ C:\WINDOWS\unins001.dat
2007-01-17 23:10:58 2516 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
2007-01-17 23:07:58 8 -r-hs---- C:\WINDOWS\System32172015858.sys<017201~1.SYS>
2007-01-17 23:06:08 0 d-------- C:\Program Files\Corel
2007-01-17 22:35:47 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Spik
2007-01-17 21:57:41 0 d-------- C:\Program Files\CCleaner
2007-01-16 16:32:08 349454 --a------ C:\WINDOWS\System32\perfh015.dat
2007-01-16 16:32:08 46756 --a------ C:\WINDOWS\System32\perfc015.dat
2007-01-16 16:24:11 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-15 15:57:22 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-01-15 15:57:17 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-01-14 12:54:13 0 d-------- C:\Program Files\MyPortal
2007-01-14 11:14:04 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Sun
2007-01-14 11:12:41 3050 --a------ C:\WINDOWS\mozver.dat
2007-01-14 11:12:18 0 d-------- C:\Program Files\Java
2007-01-14 11:04:20 0 d-------- C:\Program Files\Common Files\Java
2007-01-12 19:36:23 0 d-------- C:\Program Files\OpenOffice.org 2.0.2<OPENOF~1.2>
2007-01-11 22:34:23 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Google
2007-01-11 17:37:18 0 d-------- C:\Program Files\ffdshow
2007-01-10 19:46:45 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-01-10 17:42:10 619 --a------ C:\WINDOWS\eReg.dat
2006-12-21 09:04:12 0 --a------ C:\WINDOWS\System32\CMMGR32.EXE
2006-12-21 08:49:51 2560 --a------ C:\WINDOWS\System32\BitCometRes.dll<BITCOM~1.DLL>
2006-12-20 21:27:38 126976 --a------ C:\WINDOWS\System32\UAService7.exe<UASERV~1.EXE>
2006-12-20 19:38:27 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-20 19:37:19 713 --a------ C:\WINDOWS\unins000.dat
2006-12-20 19:28:37 274432 --a------ C:\WINDOWS\System32\imon.dll
2006-12-20 19:09:41 0 -rahs---- C:\MSDOS.SYS
2006-12-20 19:09:41 0 -rahs---- C:\IO.SYS
2006-12-20 19:09:41 0 --a------ C:\CONFIG.SYS
2006-12-20 19:09:41 0 --a------ C:\AUTOEXEC.BAT
2006-12-20 19:06:47 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-20 19:00:26 62 --ahs---- C:\Documents and Settings\XXX\Dane aplikacji\desktop.ini
2006-12-10 13:21:32 348160 --a------ C:\WINDOWS\System32\msvcr71.dll
2006-12-10 13:21:32 499712 --a------ C:\WINDOWS\System32\msvcp71.dll
2006-12-10 13:21:32 5120 --a------ C:\WINDOWS\System32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"SpeedX"="C:\\PROGRA~1\\MyPortal\\Speed-X\\SpeedX.exe"
"Steam"="\"d:\\steam\\steam.exe\" -silent"
"32camp"="C:\\DOCUME~1\\XXX\\DANEAP~1\\GREATD~1\\setupheart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"zzzHPSETUP"="F:\\Setup.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"PowerStrip"="c:\\program files\\powerstrip\\pstrip.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\



-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of ComboScan: finished at 2007-03-10 at 20:51:49 ------------------------

That's the ComboScan log, but Silent Runners doesn't work because an error window pops up saying "Windows Script Host access is disabled on this machine. Contact your administrator for details." I am the Administrator.

#4 krzysieq

    Expert Rank

  • Users +
  • 3710 posts
  • Gender: Male
  • Location: Szczecin

Posted 10 03 2007 - 21:06

Removal:

1. Download Gmer

2. In Gmer:

- in the CMD tab >>> CMD paste:

gmer -killall
gmer -del file C:\WINDOWS\System32\winn
gmer -del file C:\Documents and Settings\All Users\Dane aplikacji\Skip Meal Face Camp
gmer -del file C:\DOCUME~1\XXX\DANEAP~1\GREATD~1
gmer -del file C:\Program Files\Common Files\{0088678C-069C-1045-0516-030212130030}
gmer -del file C:\Program Files\Common Files\{0088678C-069B-1045-0516-030212130030}
gmer -del file C:\WINDOWS\Tasks\A84DA776911E2286.job
gmer -del file C:\sccfg.sys
gmer -del file C:\wmisdt.exe
gmer -del file C:\mvyok.exe
gmer -del file C:\mnpw.exe
gmer -del file C:\jhlkf.exe
gmer -del file C:\ckib.exe
gmer -del file C:\qinniycc.exe
gmer -del file C:\bkktkp.exe
gmer -del file C:\aslnb.exe
gmer -del file C:\Program Files\Common Files\{3088678C-069B-1045-0516-030212130030}
gmer -del file C:\Documents and Settings\XXX\Dane aplikacji\winn
gmer -del file C:\Program Files\InetGet2
gmer -del file C:\Program Files\Multi_Media
gmer -del file C:\Program Files\BitDownload
gmer -del file C:\Documents and Settings\XXX\Dane aplikacji\BitDownload
gmer -del file C:\Program Files\great data
gmer -del file C:\Program Files\Video ActiveX Object
gmer -reboot

and click Run on the right-hand side.

Run SmitfraudFix (after using it, please post the log from C:\rapport.txt)


Afterwards, new logs from HijackThis and ComboScan plus the report.

EDIT: OK, fixed it, thx :-)

#5 Guest_picasso_*

  • Guests

Posted 11 03 2007 - 06:37

Do not remove:

O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe


Not necessarily to be removed:

http://www.download....235/PowerStrip/

gmer -del file C:\sccfg.sys


That's from Folder Lock.

gmer -del file C:\WINDOWS\System32\172015858.sys

That's a file from the DivX software:

2007-01-17 23:10:58 2516 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
2007-01-17 23:07:58 8 -r-hs---- C:\WINDOWS\System32172015858.sys<017201~1.SYS>


gmer -del file C:\WINDOWS\System32\imon1.dat

That's a file from NOD32:

http://www.wildersse...ad.php?p=917694

Some tools apparently have a problem with it and delete it..... Unless something else is going on. But HERE in the log there is NOD32.


But do add to the removal list:

This malicious folder:

2007-01-24 13:40:27 0 d-------- C:\Program Files\InetGet2


and these toolbars:

R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll

They were created at exactly the same time as the Lop spyware:

2007-03-05 16:27:34 0 d-------- C:\Program Files\Multi_Media<MULTI_~1>
2007-03-05 13:03:36 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\great data<GREATD~1>
2007-03-05 12:54:23 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\BitDownload<BITDOW~1>


BitDownload looks like the infamous "BitGrabber", which is the carrier of this infection. The other one, "Multi", may have been pulled down automatically. I once had doubts whether "Multi" is really harmful, but someone else who had a Lop infection had installed that toolbar and, as he put it himself, "I regretted it because it's crap".
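Added example (not part of this thread, and not a tool any of the posters used): a small Python triage script that encodes the two kinds of reasoning the helpers apply above, flagging suspicious HijackThis O4/O20 entries and correlating ComboScan Find3M creation times. The sample log lines are constructed from excerpts of this thread, and the heuristics (app-data autoruns, private System32 subfolders, Lop-style random-word key names, zero-byte executables in the drive root, a 4-hour correlation window) are my own assumptions, not rules from HijackThis or ComboScan.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the HijackThis excerpt posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [winn] C:\WINDOWS\System32\winn\winn.exe
O4 - HKLM\..\Run: [face camp proc poke] C:\Documents and Settings\All Users\Dane aplikacji\Skip Meal Face Camp\closeinternet.exe
O4 - HKCU\..\Run: [32camp] C:\DOCUME~1\XXX\DANEAP~1\GREATD~1\setupheart.exe
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed sample, modelled on the ComboScan "Find3M Report" excerpt in this thread.
FIND3M_SAMPLE = r"""
2007-03-05 16:27:34 0 d-------- C:\Program Files\Multi_Media<MULTI_~1>
2007-03-05 13:03:36 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\great data<GREATD~1>
2007-03-05 12:54:23 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\BitDownload<BITDOW~1>
2007-02-20 19:04:26 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Skype
2007-01-24 14:54:23 0 --a------ C:\wmisdt.exe
2007-01-24 14:54:23 0 --a------ C:\mvyok.exe
2007-01-17 23:10:58 2516 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
APPDATA_RE = re.compile(r'\\(Dane aplikacji|Application Data|DANEAP~1)\\', re.I)
SYS32_SUBDIR_RE = re.compile(r'\\System32\\[^\\]+\\[^\\]+\.exe', re.I)
LOP_NAME_RE = re.compile(r'^(?:[a-z0-9]+ ){2,}[a-z0-9]+$')  # 3+ lowercase words (assumed heuristic)
FIND3M_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) '
                       r'(?P<attr>\S{9}) (?P<path>.*?)(?:<[^<>]*>)?$')


def triage_hjt(text):
    """Return (line, reason) pairs for HijackThis entries worth a closer look."""
    hits = []
    for line in text.strip().splitlines():
        # A Winlogon Notify hook whose DLL is gone is a dangling leftover of a removed component.
        if line.startswith('O20 - Winlogon Notify:') and '(file missing)' in line:
            hits.append((line, 'Winlogon Notify DLL is missing: dangling hook'))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m.group('name'), m.group('cmd')
        if APPDATA_RE.search(cmd):
            hits.append((line, 'autorun executable lives in an Application Data folder'))
        elif SYS32_SUBDIR_RE.search(cmd):
            hits.append((line, 'autorun executable in a private subfolder of System32'))
        elif LOP_NAME_RE.match(name):
            hits.append((line, 'Lop-style run-key name made of random lowercase words'))
    return hits


def parse_find3m(text):
    """Parse Find3M lines into dicts; the trailing <SHORT~1> 8.3 alias is dropped from the path."""
    rows = []
    for line in text.strip().splitlines():
        m = FIND3M_RE.match(line)
        if m:
            rows.append({'ts': datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'),
                         'size': int(m['size']),
                         'dir': m['attr'][0] == 'd',
                         'path': m['path']})
    return rows


def zero_byte_root_executables(rows):
    """Empty .exe files dropped straight into the drive root (the C:\\wmisdt.exe cluster)."""
    return [r['path'] for r in rows
            if not r['dir'] and r['size'] == 0
            and re.fullmatch(r'[A-Za-z]:\\[^\\]+\.exe', r['path'], re.I)]


def created_near(rows, anchor_substring, window=timedelta(hours=4)):
    """Paths created within `window` of the first entry whose path contains `anchor_substring`.

    This is the timestamp argument used above: the toolbar folders appeared at the same time
    as the known-bad Lop folders, so they are treated as part of the same installation.
    """
    anchors = [r for r in rows if anchor_substring.lower() in r['path'].lower()]
    if not anchors:
        return []
    t0 = anchors[0]['ts']
    return sorted(r['path'] for r in rows
                  if abs(r['ts'] - t0) <= window
                  and anchor_substring.lower() not in r['path'].lower())


if __name__ == '__main__':
    for line, reason in triage_hjt(HJT_SAMPLE):
        print(f'{reason}:\n    {line}')
    rows = parse_find3m(FIND3M_SAMPLE)
    print('zero-byte root executables:', zero_byte_root_executables(rows))
    print('created near "great data":', created_near(rows, 'great data'))
```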

#6 Cyryliusz

    First Rank

  • Users
  • 3 posts

Posted 14 03 2007 - 12:51

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MalwareWiped\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieľĄca strona gˆ˘wna"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 12:49:10, on 2007-03-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\svcchosst.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Documents and Settings\XXX\Pulpit\Lost_1cd(id89650)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44FAF958-151A-4F26-A548-85E4110BCC58}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
ComboScan v20070306.20 run by XXX on 2007-03-14 at 12:50:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as XXX.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:50:01, on 2007-03-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\svcchosst.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Documents and Settings\XXX\Pulpit\comboscan.exe
C:\DOCUME~1\XXX\Pulpit\LOST_1~3\XXX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44FAF958-151A-4F26-A548-85E4110BCC58}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


-- Files created between 2007-02-14 and 2007-03-14 -----------------------------

2007-03-14 12:47:45 2918 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-14 12:47:28 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-14 12:47:28 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-14 12:47:28 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-14 12:47:27 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-14 12:47:27 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-14 12:47:27 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-14 12:42:03 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-03-14 08:36:18 66610 --a------ C:\WINDOWS\System32\dload.exe
2007-03-12 19:24:58 49152 --a------ C:\WINDOWS\System32\WooDial2000.dll<WOODIA~1.DLL>
2007-03-12 19:24:58 5632 --a------ C:\WINDOWS\System32\SMMSETUP.DLL
2007-03-12 19:24:58 48128 --a------ C:\WINDOWS\System32\SMMSCRPT.DLL
2007-03-12 19:24:16 127497 --a------ C:\WINDOWS\System32\drivers\adiusbaw.sys
2007-03-12 19:24:15 127456 --a------ C:\WINDOWS\System32\ipdetect.exe
2007-03-12 19:24:15 155648 --a------ C:\WINDOWS\System32\adadix32.dll
2007-03-12 19:24:13 135168 --a------ C:\WINDOWS\System32\unaddrv.exe
2007-03-12 19:24:13 46167 --a------ C:\WINDOWS\System32\drivers\adildr.sys
2007-03-12 19:24:13 126976 --a------ C:\WINDOWS\System32\coclassfast.dll<COCLAS~1.DLL>
2007-03-12 19:24:13 4981 --a------ C:\WINDOWS\System32\adadix2k.dll
2007-03-12 19:24:13 46892 --a------ C:\WINDOWS\System32\adadix16.dll
2007-03-12 19:24:12 143360 --a------ C:\WINDOWS\autoclk.exe
2007-03-12 19:24:09 0 d-------- C:\Program Files\SAGEM
2007-03-12 19:23:50 9728 --a------ C:\WINDOWS\System32\rnaph.dll
2007-03-12 19:23:41 0 d-------- C:\Program Files\Wanadoo
2007-03-11 10:31:53 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-09 09:57:33 0 d-------- C:\!KillBox
2007-03-07 20:33:10 0 d-------- C:\Program Files\Endemit Studio<ENDEMI~1>
2007-03-05 13:06:32 0 d-------- C:\Program Files\Accursed Toys<ACCURS~1>
2007-03-05 12:54:25 0 d-------- C:\My Downloads<MYDOWN~1>
2007-03-05 12:53:42 0 d-a------ C:\Program Files\BitDownload<BITDOW~1>
2007-03-03 19:29:17 0 d-------- C:\Program Files\Deluxe Ski Jump 3<DELUXE~1>
2007-02-23 07:44:51 0 d-------- C:\Program Files\Neon
2007-02-21 20:05:18 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-02-19 20:08:51 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1>
2007-02-17 20:44:12 0 d-------- C:\WINDOWS\WoWscape Server Browser<WOWSCA~1>
2007-02-15 23:02:43 0 d-------- C:\Program Files\HLTooLz
2007-02-15 23:02:37 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-15 23:02:36 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-15 17:18:51 0 d-------- C:\Program Files\Cellmons


-- Find3M Report ---------------------------------------------------------------

2007-03-14 10:28:37 0 d-------- C:\Program Files\Winamp
2007-03-14 10:06:51 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-12 19:24:11 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 16:40:08 0 d-------- C:\Program Files\PowerStrip<POWERS~1>
2007-03-10 15:16:38 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Tlen.pl
2007-03-10 13:29:25 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\MSN6
2007-03-08 23:03:44 0 d-a------ C:\Program Files\Common Files\{0088678C-069C-1045-0516-030212130030}<{00886~2>
2007-03-08 23:03:42 0 d-a------ C:\Program Files\Common Files\{0088678C-069B-1045-0516-030212130030}<{00886~1>
2007-03-08 21:19:54 0 d-------- C:\Program Files\eMule
2007-03-08 15:48:37 0 d-------- C:\Program Files\DOSBox-0.65
2007-03-05 13:03:36 0 d-a------ C:\Documents and Settings\XXX\Dane aplikacji\great data<GREATD~1>
2007-03-05 12:54:23 0 d-a------ C:\Documents and Settings\XXX\Dane aplikacji\BitDownload<BITDOW~1>
2007-03-01 23:37:01 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-20 19:04:26 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Skype
2007-02-19 17:35:12 0 d-------- C:\Program Files\Google
2007-02-15 15:35:33 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\OpenOffice.org2<OPENOF~1.ORG>
2007-02-05 17:04:37 0 d-------- C:\Program Files\Project64 1.6<PROJEC~1.6>
2007-02-05 17:02:56 0 d---s---- C:\Documents and Settings\XXX\Dane aplikacji\Microsoft<MICROS~1>
2007-02-01 11:14:01 0 d-------- C:\Program Files\Yahoo!
2007-01-30 20:12:38 0 d-------- C:\Program Files\D-Fend
2007-01-28 16:07:51 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Qtracker
2007-01-28 14:20:49 0 d-------- C:\Program Files\directx
2007-01-24 19:58:26 0 d-------- C:\Program Files\Qtracker
2007-01-24 12:34:07 0 d-a------ C:\Program Files\Common Files\{3088678C-069B-1045-0516-030212130030}<{30886~1>
2007-01-24 10:55:32 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-01-23 13:53:10 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Hamachi
2007-01-22 22:37:33 0 d-------- C:\Program Files\BloodRayne2 Demo<BLOODR~1>
2007-01-22 22:32:17 0 d-------- C:\Program Files\No-IP
2007-01-22 22:08:51 0 d-a------ C:\Documents and Settings\XXX\Dane aplikacji\winn
2007-01-22 21:53:57 0 d-------- C:\Program Files\Hamachi
2007-01-20 00:17:17 47 --a------ C:\WINDOWS\System32\imon1.dat
2007-01-18 19:36:39 0 d-------- C:\Program Files\Game Cam v1.4<GAMECA~1.4>
2007-01-18 13:32:09 2008 --a------ C:\WINDOWS\unins001.dat
2007-01-17 23:10:58 2516 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys
2007-01-17 23:07:58 8 -r-hs---- C:\WINDOWS\System32172015858.sys<017201~1.SYS>
2007-01-17 23:06:08 0 d-------- C:\Program Files\Corel
2007-01-17 22:35:47 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Spik
2007-01-17 21:57:41 0 d-------- C:\Program Files\CCleaner
2007-01-16 16:32:08 349454 --a------ C:\WINDOWS\System32\perfh015.dat
2007-01-16 16:32:08 46756 --a------ C:\WINDOWS\System32\perfc015.dat
2007-01-16 16:24:11 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-15 15:57:22 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-01-15 15:57:17 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-01-14 12:54:13 0 d-------- C:\Program Files\MyPortal
2007-01-14 11:14:04 0 d-------- C:\Documents and Settings\XXX\Dane aplikacji\Sun
2007-01-14 11:12:41 3050 --a------ C:\WINDOWS\mozver.dat
2007-01-14 11:12:18 0 d-------- C:\Program Files\Java
2007-01-14 11:04:20 0 d-------- C:\Program Files\Common Files\Java
2007-01-10 17:42:10 619 --a------ C:\WINDOWS\eReg.dat
2006-12-21 09:04:12 0 --a------ C:\WINDOWS\System32\CMMGR32.EXE
2006-12-21 08:49:51 2560 --a------ C:\WINDOWS\System32\BitCometRes.dll<BITCOM~1.DLL>
2006-12-20 21:27:38 126976 --a------ C:\WINDOWS\System32\UAService7.exe<UASERV~1.EXE>
2006-12-20 19:38:27 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-20 19:37:19 713 --a------ C:\WINDOWS\unins000.dat
2006-12-20 19:28:37 274432 --a------ C:\WINDOWS\System32\imon.dll
2006-12-20 19:09:41 0 -rahs---- C:\MSDOS.SYS
2006-12-20 19:09:41 0 -rahs---- C:\IO.SYS
2006-12-20 19:09:41 0 --a------ C:\CONFIG.SYS
2006-12-20 19:09:41 0 --a------ C:\AUTOEXEC.BAT
2006-12-20 19:06:47 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-20 19:00:26 62 --ahs---- C:\Documents and Settings\XXX\Dane aplikacji\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"SpeedX"="C:\\PROGRA~1\\MyPortal\\Speed-X\\SpeedX.exe"
"Steam"="\"d:\\steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"zzzHPSETUP"="F:\\Setup.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\TaskbarIcon.exe"
"msvccc66"="svcchosst.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msvccc66"="svcchosst.exe"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
-- End of ComboScan: finished at 2007-03-14 at 12:50:23 ------------------------


That's probably everything...

#7 morda

    Expert Rank

  • Users +
  • 3820 posts
  • Gender: Male

Posted 14 03 2007 - 14:06

C:\Program Files\MalwareWiped\ FOUND !

You probably ran SmitfraudFix with option "1", because SmitfraudFix has this on its list and should remove it automatically. And it will be best if you apply it.
Option "2" - that is, REMOVAL - is applied by typing the digit 2 and pressing Enter.
There is also this:

C:\WINDOWS\System32\svcchosst.exe
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe

Still not removed:

2007-03-08 23:03:44 0 d-a------ C:\Program Files\Common Files\{0088678C-069C-1045-0516-030212130030}<{00886~2>
2007-03-08 23:03:42 0 d-a------ C:\Program Files\Common Files\{0088678C-069B-1045-0516-030212130030}<{00886~1>
2007-01-24 12:34:07 0 d-a------ C:\Program Files\Common Files\{3088678C-069B-1045-0516-030212130030}<{30886~1>

In GMER>>CMD>>CMD -->paste: (if you apply SmitfraudFix first, you don't need to paste the line with Wiped)

gmer -del file C:\Program Files\MalwareWiped
gmer -del file C:\WINDOWS\System32\svcchosst.exe
gmer -del file C:\Program Files\Common Files\{0088678C-069C-1045-0516-030212130030}
gmer -del file C:\Program Files\Common Files\{0088678C-069B-1045-0516-030212130030}
gmer -del file C:\Program Files\Common Files\{3088678C-069B-1045-0516-030212130030}
gmer -reboot

Click Run on the right-hand side. The computer should shut down and start up again.
Then>>GMER>>CMD>>this time REGEDIT -->paste:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"msvccc66"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msvccc66"=-
Click Run.
Post a new log from ComboScan. And from SmitfraudFix.
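The entry morda singles out, a path-less "svcchosst.exe" registered under both Run and RunServices, is a textbook lookalike of the system binary svchost.exe. The following is an added example, not code from the thread or from HijackThis: it parses O4 lines and flags the three heuristics an analyst applies by eye (no explicit path, small edit distance to a core Windows binary, use of the legacy RunServices key). The sample lines are constructed from the log posted above; legitimate path-less entries such as SoundMan are expected to trip the first heuristic and must be cross-checked against the process list.

```python
import re

# Core Windows binaries whose names malware commonly imitates (assumed list).
SYSTEM_BINARIES = [
    "svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
    "winlogon.exe", "explorer.exe", "spoolsv.exe", "smss.exe",
]

# HijackThis O4 registry entries: "O4 - HKLM\..\Run: [value name] command".
# Global Startup (.lnk) entries have a different shape and are skipped here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable in the command, quoted or not, with arguments stripped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)
PATH_RE = re.compile(r"^(%\w+%|[A-Za-z]:)\\")

# Constructed sample: O4 lines taken from the HijackThis log in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd):
    """Executable part of a Run-key command; falls back to the first token."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    tokens = cmd.split()
    return tokens[0].strip('"') if tokens else cmd


def audit_o4(log_text, max_distance=2):
    """Return (key, value name, executable, reasons) for every O4 entry
    that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if not PATH_RE.match(exe):
            reasons.append("no explicit path (resolved via search order)")
        for legit in SYSTEM_BINARIES:
            if 0 < levenshtein(base, legit) <= max_distance:
                reasons.append(f"lookalike of {legit}")
        if m.group("key").lower() == "runservices":
            reasons.append("legacy RunServices key")
        if reasons:
            findings.append((m.group("key"), m.group("name"), exe, reasons))
    return findings


if __name__ == "__main__":
    for key, name, exe, reasons in audit_o4(SAMPLE_HJT):
        print(f"{key:12} [{name}] {exe}: {'; '.join(reasons)}")
```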



