trojan:win32/vb

**Posty:** 202 · przez **fenek73** 27 Kwi 2008, 10:26

Witam, mam anty wirusa : Windows Defender

I co jakis czas wyskakuje mi komunikat :

Bralem " Usun wszystko " i " Ignoruj " ale nadal wyskakuje...

Co mam zrobic ?

**Posty:** 7838 · przez **Lukesh** 27 Kwi 2008, 10:32

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

zastosuj:
SDFix

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html
:arrow:

na sam koniec wstaw logi z HJ: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

Defender to jedynie ochrona przed programami szpiegujacymi - spyware. Zainwestuj w dobrego antywirusa i firewalla, np Eset Smart Security, badz NOD32 + Outpost Firewall Pro, czy tez z bezplatnych - Comodo, Jetico...

**Posty:** 202 · przez **fenek73** 27 Kwi 2008, 11:21

Co do skanu online [www.ewido.com]

Mam cos takiego, kliknelem oczywiscie zainstaluj ale czekam i nic

**Posty:** 7838 · przez **Lukesh** 27 Kwi 2008, 11:43

Zastosuj sie do tego: http://arcaonline.arcabit.com/instruction_pl.html - oczywiscie dla Ewido (http://www.ewido.net)

**Posty:** 202 · przez **fenek73** 27 Kwi 2008, 13:51

2h pobierania aktualizacji a na koniec blad :roll:

**Posty:** 8001 · przez **Okocza** 27 Kwi 2008, 13:56

tak jak powiedział Lukesh

combofix i sdfix daj.

**Posty:** 7838 · przez **Lukesh** 27 Kwi 2008, 13:57

Czemu uzywasz skanera arcamicroscan, skoro mowilem, zebys uzyl EWIDO ? Ze strony ArcaVir miales jedynie skorzystac z instrukcji ustawienia przegladarki by zadzialal skaner Ewido!

Do zaufanych witryn dodaj: http://www.ewido.net , wlacz ActiveX i wtedy probuj skanowac!

**Posty:** 202 · przez **fenek73** 27 Kwi 2008, 15:30

SDFix: Version 1.175
Run by fenek73 on 2008-04-27 at 15:05

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:12:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:91,3c,14,f2,ec,90,1d,d4,e9,85,3c,20,7a,7b,52,ca,3b,28,9c,c1,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,65,b6,79,fc,93,c0,ae,56,e5,d2,55,56,23,a5,e2,1d,1b,..
"khjeh"=hex:b3,32,07,c7,c6,74,ca,64,72,08,bf,9e,71,e6,29,1c,19,ee,5e,a3,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,db,8f,34,80,14,fd,3a,e8,c8,30,07,9f,23,4d,60,11,50,c9,45,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:91,3c,14,f2,ec,90,1d,d4,e9,85,3c,20,7a,7b,52,ca,3b,28,9c,c1,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,65,b6,79,fc,93,c0,ae,56,e5,d2,55,56,23,a5,e2,1d,1b,..
"khjeh"=hex:b3,32,07,c7,c6,74,ca,64,72,08,bf,9e,71,e6,29,1c,19,ee,5e,a3,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,db,8f,34,80,14,fd,3a,e8,c8,30,07,9f,23,4d,60,11,50,c9,45,85,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\fenek73\\Steam\\steamapps\\fenek73\\counter-strike\\hl.exe"="D:\\fenek73\\Steam\\steamapps\\fenek73\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 14 Sep 2006 20,480 ..SHR --- "C:\Recycled\Recycled\ctfmon.exe"

Finished!

Z ComboFixa nie dalem rady... Bo z 20 minut ciagle bylo 1 of 9

**Posty:** 18165 · przez **wojtas** 27 Kwi 2008, 20:06

to daj z dss'a

**Posty:** 202 · przez **fenek73** 28 Kwi 2008, 13:24

aDeckard's System Scanner v20071014.68
Run by fenek73 on 2008-04-28 13:22:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-28 13:22:56
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Personal Firewall\kpf4ss.exe
C:\Program Files\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com (HKCU)
O15 - Trusted Zone: http://www.ewido.net (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D2AD958-0F68-4DA2-90C8-AB0E614CA939}: NameServer = 10.0.1.2,10.0.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Personal Firewall\kpf4ss.exe

--
End of file - 4373 bytes

-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-27 19:41:38 0 d-------- C:\Program Files\Personal Firewall
2008-04-27 16:46:03 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-04-27 15:02:36 0 d-------- C:\WINDOWS\ERUNT
2008-04-27 12:02:28 0 d-------- C:\Program Files\ArcaMicroScan
2008-04-26 18:51:41 0 d-------- C:\Program Files\Google
2008-04-26 18:51:19 0 d-------- C:\Program Files\Skype
2008-04-26 18:51:19 0 d-------- C:\Program Files\Common Files\Skype
2008-04-26 17:52:25 0 d-------- C:\Program Files\Alex Buturuga
2008-04-26 16:36:49 0 d-------- C:\Program Files\RegCleaner
2008-04-26 16:00:19 68096 --a------ C:\WINDOWS\zip.exe
2008-04-26 16:00:19 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-26 16:00:19 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-26 16:00:19 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-26 16:00:19 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-26 16:00:19 98816 --a------ C:\WINDOWS\sed.exe
2008-04-26 16:00:19 80412 --a------ C:\WINDOWS\grep.exe
2008-04-26 16:00:19 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-26 15:43:17 38912 -ra------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-04-26 15:43:15 544768 -ra------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-04-26 15:43:15 569344 -ra------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-04-26 15:43:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-26 15:43:11 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-26 15:43:07 0 d-------- C:\Program Files\Ahead
2008-04-26 14:57:01 245760 -----n--- C:\WINDOWS\system32\DECO_32.DLL <Not Verified; Iterated Systems, Inc.; >
2008-04-26 14:56:54 0 d-------- C:\Program Files\WSPWNOUP2006
2008-04-26 14:56:21 307200 --a------ C:\WINDOWS\IsUn0415.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-26 14:54:31 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-26 14:50:30 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 13:00:19 0 d-------- C:\WINDOWS\system32\pl-pl
2008-04-26 12:54:38 0 d-------- C:\WINDOWS\network diagnostic
2008-04-26 12:37:23 0 d-------- C:\Program Files\Gadu-Gadu
2008-04-26 12:15:15 0 d-------- C:\Program Files\XP Codec Pack
2008-04-26 12:13:57 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-26 12:12:08 0 d-------- C:\Program Files\Winamp
2008-04-26 12:10:20 1169 --a------ C:\WINDOWS\mozver.dat
2008-04-26 12:01:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 11:48:02 0 d-------- C:\Program Files\SiS7012
2008-04-26 11:47:07 0 d-------- C:\Program Files\sisagp
2008-04-26 11:40:48 0 d-------- C:\Program Files\MarPlayer
2008-04-26 11:39:08 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-26 11:39:05 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 11:38:51 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-26 11:38:34 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-26 11:38:15 0 d-------- C:\Program Files\ATI Technologies
2008-04-26 11:38:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 11:23:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 11:22:58 0 d-------- C:\ATI
2008-04-26 11:05:34 0 d-------- C:\Program Files\Windows Defender
2008-04-26 10:42:49 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-25 22:58:28 0 d--hs---- C:\WINDOWS\Installer
2008-04-25 22:58:26 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-25 22:58:22 0 dr------- C:\Program Files
2008-04-25 22:58:22 0 d-------- C:\Program Files\Common Files
2008-04-25 22:58:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-25 22:57:30 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-25 22:57:30 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-25 22:56:56 0 d-------- C:\Documents and Settings
2008-04-25 22:56:55 0 d--hs---- C:\System Volume Information
2008-04-25 22:48:52 0 d-------- C:\WINDOWS
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\WinSxS
2008-04-25 22:48:52 0 dr------- C:\WINDOWS\Web
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\twain_32
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\wins
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\wbem
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\usmt
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\spool
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\Setup
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\ras
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\oobe
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\npp
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\mui
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\IME
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\ias
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\export
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\drivers
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-25 22:48:52 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\config
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\3076
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\2052
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1054
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1045
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1042
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1041
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1037
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1033
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1031
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1028
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system32\1025
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\system
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\security
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Resources
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\repair
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Provisioning
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\PeerNet
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\pchealth
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\mui
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\msapps
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\msagent
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Media
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\java
2008-04-25 22:48:52 0 d--h----- C:\WINDOWS\inf
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\ime
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Help
2008-04-25 22:48:52 0 dr--s---- C:\WINDOWS\Fonts
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Driver Cache
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Debug
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Cursors
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\Config
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\AppPatch
2008-04-25 22:48:52 0 d-------- C:\WINDOWS\addins
2008-04-25 21:25:30 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-25 21:24:33 0 d-------- C:\WINDOWS\Prefetch
2008-04-25 21:24:21 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-25 21:19:18 0 d-------- C:\WINDOWS\system32\xircom
2008-04-25 21:19:18 0 d-------- C:\Program Files\microsoft frontpage
2008-04-25 21:19:01 0 -rahs---- C:\MSDOS.SYS
2008-04-25 21:19:01 0 -rahs---- C:\IO.SYS
2008-04-25 21:19:01 0 --a------ C:\CONFIG.SYS
2008-04-25 21:19:01 0 --a------ C:\AUTOEXEC.BAT
2008-04-25 21:17:07 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-25 21:17:07 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-25 21:16:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-25 21:16:43 0 d-------- C:\Program Files\Usługi online
2008-04-25 21:16:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-25 21:15:45 0 d---s---- C:\WINDOWS\Tasks
2008-04-25 21:15:44 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-25 21:15:41 0 d-------- C:\WINDOWS\srchasst
2008-04-25 21:15:40 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-25 21:15:32 0 d-------- C:\Program Files\Movie Maker
2008-04-25 21:15:24 0 d-------- C:\WINDOWS\system32\Restore
2008-04-25 21:15:03 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-25 21:14:38 0 d-------- C:\WINDOWS\Registration
2008-04-25 21:13:40 0 d-------- C:\Program Files\Messenger
2008-04-25 21:13:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-25 21:13:06 0 d-------- C:\Program Files\Windows NT
2008-04-25 21:13:03 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-25 21:13:01 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-04-27 16:50:53 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\teamspeak2
2008-04-27 11:05:05 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Google
2008-04-27 10:06:45 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Skype
2008-04-27 10:05:44 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\skypePM
2008-04-26 17:46:04 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Winamp
2008-04-26 15:45:36 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Ahead
2008-04-26 14:50:19 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\DAEMON Tools
2008-04-26 13:22:21 454178 --a------ C:\WINDOWS\system32\perfh015.dat
2008-04-26 13:22:21 76208 --a------ C:\WINDOWS\system32\perfc015.dat
2008-04-26 13:18:51 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Media Player Classic
2008-04-26 12:39:34 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Gadu-Gadu
2008-04-26 12:10:29 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Macromedia
2008-04-26 12:10:28 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Adobe
2008-04-26 12:01:09 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Mozilla
2008-04-26 11:52:35 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\ATI
2008-04-25 22:57:49 62 --ahs---- C:\Documents and Settings\fenek73\Dane aplikacji\desktop.ini
2008-04-25 21:35:18 0 d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Identities
2008-03-06 16:29:44 962560 --a------ C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

-- End of Deckard's System Scanner: finished at 2008-04-28 13:24:30 ------------

**Posty:** 18165 · przez **wojtas** 28 Kwi 2008, 16:49

Czysto, wykonaj:

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

**Posty:** 202 · przez **fenek73** 28 Kwi 2008, 17:52

wojtas, zajrzyj tutaj http://forum.programosy.pl/-vp736337.html#736337

**Posty:** 18165 · przez **wojtas** 28 Kwi 2008, 18:02

temat uważam za zamkniety

masz jakis problem jeszcze?

Autor postu otrzymał pochwałę

**Posty:** 202 · przez **fenek73** 28 Kwi 2008, 18:23

Mozna zamknac, w sumie nie wyskakuje juz ten komunikat

Dzieki wojtas

trojan:win32/vb

Trojan:Win32/VB

Kto jest na forum