• Announcement:

please check my log.

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Please check my log.

Post by Vandar 27 Mar 2007, 14:58

Hello. Recently my computer has started to lag. Games run noticeably slower. When I play e.g. WoW, I log in, pick a character, the game loads, and after loading it is terribly sluggish; it stutters for about a minute before it starts running normally. On top of that, when I walk through some city where there are lots of other players it stutters mercilessly. I should add that this never used to happen, everything ran normally. When I exit the game, the computer also lags for about a minute or sometimes longer :/ and it's not only WoW, because it's the same with other games. :(

I'm pasting the HijackThis log:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 14:45:27, on 2007-03-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bond\Pulpit\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [{D4860130-05BA-1045-0415-020502030030}] "C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\updReg.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SAFESE7] "D:\Program Files\Steganos Safe 7 SE\SAFESE7.exe" -boot
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://johpoa.freehostia.com//fotki//targ.chm::/win32.exe
O20 - Winlogon Notify: winrpf32 - C:\WINDOWS\SYSTEM32\winrpf32.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And if you go, I wanna go with you.
And if you die, I wanna die with you...



Post by Red 27 Mar 2007, 15:22

delete:

C:\Program Files\Ipwindows\ipwins.exe
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [{D4860130-05BA-1045-0415-020502030030}] "C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O20 - Winlogon Notify: winrpf32 - C:\WINDOWS\SYSTEM32\winrpf32.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Delete what is in bold manually from the disk; tick the entries in HijackThis and fix them... after deleting, post the log for checking once more.



Post by Vandar 27 Mar 2007, 15:31

Unfortunately I can't delete those files; a window pops up saying Access denied :/ Should I try deleting them in safe mode, or maybe with some program? And those log entries, can I delete them now or only after deleting the files??



Post by Red 27 Mar 2007, 15:35

you delete in safe mode, obviously..... everything



Post by Vandar 27 Mar 2007, 19:35

Red wrote: delete:

C:\Program Files\Ipwindows\ipwins.exe
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [{D4860130-05BA-1045-0415-020502030030}] "C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O20 - Winlogon Notify: winrpf32 - C:\WINDOWS\SYSTEM32\winrpf32.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Delete what is in bold manually from the disk; tick the entries in HijackThis and fix them... after deleting, post the log for checking once more.


C:\Program Files\Ipwindows\ipwins.exe - deleted
C:\Program Files\webHancer\Programs\whagent.exe - deleted
C:\WINDOWS\System32\gwquvw.dll - I can't delete this one, it still shows access denied
C:\WINDOWS\SYSTEM32\winrpf32.dll - I can't find this one in safe mode

I haven't removed the entries yet, but after deleting what I managed to delete, my internet stopped working, for unknown reasons. GG shows that something is wrong with the port. Unfortunately I hadn't turned on System Restore, so now I can't restore it :/
Can this be undone somehow? Or what should I do to get the internet back? (I'm writing now from a friend's)



Post by wojtas 27 Mar 2007, 20:13

post new logs



Post by Red 27 Mar 2007, 20:25

To get the internet back, download and apply:

http://www.tacktech.com/display.cfm?ttid=257

it will work for sure.... and post the log once more for checking.



Post by Vandar 27 Mar 2007, 22:20

Hello again :) Red, your little program didn't help, but I've got the net working myself ;) I reinstalled the whole card and the net program, because I have a wireless connection, and it runs :P Oh, and I'm posting a new log, after checking everything ;)

Code:
Logfile of HijackThis v1.99.1
Scan saved at 22:09:56, on 2007-03-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Bond\Pulpit\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\updReg.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SAFESE7] "D:\Program Files\Steganos Safe 7 SE\SAFESE7.exe" -boot
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://johpoa.freehostia.com//fotki//targ.chm::/win32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I'm going to see how the games run now ;) Thanks for the help! :)
Oh, and I'd also like to apologise for the guy with the nick Szczala who was writing some nonsense here; he's my dim-witted friend who got this brilliant idea when he saw this forum while I was writing a post at his place :/

[ Added: Today at 21:42 ]
Games run better :)



Post by wojtas 27 Mar 2007, 22:49

first:

Start > Run > type msconfig > Startup tab > disable the programs you don't want to start with the system

then:

Start -> Run -> services.msc -> stop and disable the Power Manager service
Open HijackThis -> Open Misc Tools section -> Delete a NT service -> type PowerManager and OK


delete:
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://johpoa.freehostia.com//fotki//targ.chm::/win32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


check whether in
C:\WINDOWS
there is a file svchost.exe
if there is, delete it to the recycle bin

apply:

http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html

then a new log from HJT, Silent Runners and ComboScan:

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

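As an added example (not a tool the forum helpers used): a small Python triage of HijackThis 1.99 log lines that flags the entry types acted on in this thread, an O4 Run entry launched from a GUID-named folder, the O10 Winsock LSP hijack (the reason deleting the webHancer files broke networking), the O16 DPF entry loading through ms-its:/mhtml:, O20 Winlogon Notify and O21 SSODL DLLs outside the XP default set, and an O23 service whose binary is svchost.exe outside System32. The allow-lists and sample lines are constructed for the example, and the remote host in the sample O16 line is a placeholder.

```python
"""Triage of HijackThis 1.99 log lines (added example for this thread).

Encodes the indicator types the helpers acted on. The allow-lists below are
constructed for the example and are not exhaustive.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample modelled on the first log in this thread; the remote host
# in the O16 line is replaced by a placeholder.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [{D4860130-05BA-1045-0415-020502030030}] "C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe" mc-110-12-0000272
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://placeholder.example//fotki//targ.chm::/win32.exe
O20 - Winlogon Notify: winrpf32 - C:\WINDOWS\SYSTEM32\winrpf32.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Names registered by a stock Windows XP install (constructed allow-lists; extend
# them for legitimate third-party entries such as graphics-driver Winlogon hooks).
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}
KNOWN_SSODL = {"postbootreminder", "cdburn", "webcheck", "systray", "upnpmonitor", "auhook"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
GUID_DIR_RE = re.compile(r"Common Files\\\{[0-9A-Fa-f-]+\}\\", re.I)
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _entry_name(body):
    """'Winlogon Notify: name - path' / 'SSODL: name - {clsid} - path' -> name (lower-case)."""
    return body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()


def _service_path(body):
    """Binary path from an O23 body, with quotes and the '(file missing)' marker stripped."""
    tail = body.rsplit(" - ", 1)[1].strip()
    if tail.endswith("(file missing)"):
        tail = tail[: -len("(file missing)")].strip()
    return tail.strip('"')


def triage_line(line):
    """Return a Finding for a suspicious HijackThis line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line or "Running processes" entry
    sec, body = m.group("sec"), m.group("body")
    if sec == "O4" and GUID_DIR_RE.search(body):
        return Finding(sec, "Run entry launched from a GUID-named folder under Common Files", line)
    if sec == "O10":
        return Finding(sec, "Winsock LSP hijack: unhook the LSP before deleting its files, "
                            "otherwise networking breaks", line)
    if sec == "O16" and re.search(r"ms-its:|mhtml:", body, re.I):
        return Finding(sec, "DPF entry loads an executable through ms-its:/mhtml: from a CHM", line)
    if sec == "O20" and _entry_name(body) not in KNOWN_WINLOGON_NOTIFY:
        return Finding(sec, f"Winlogon Notify DLL '{_entry_name(body)}' not in the XP default set", line)
    if sec == "O21" and _entry_name(body) not in KNOWN_SSODL:
        return Finding(sec, f"SSODL entry '{_entry_name(body)}' not in the XP default set", line)
    if sec == "O23":
        path = _service_path(body)
        if ntpath.basename(path).lower() == "svchost.exe" and ntpath.dirname(path).lower() != SYSTEM32:
            return Finding(sec, "service binary named svchost.exe outside System32 (masquerade)", line)
    return None


def triage_log(text):
    """Run triage_line over every line of a log and collect the findings in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line.strip()}")
```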


Post by Vandar 28 Mar 2007, 00:49

HIJACKTHIS

Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:53:25, on 2007-03-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Bond\Pulpit\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\updReg.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


For now, only the logs from this one. And I have a big question: how long does Silent Runners scan the computer?? Because it doesn't open as any application; it's supposedly scanning, but it has been scanning for over 40 minutes, almost an hour, and it seems to me it's still scanning because CPU usage jumps to 100% every few seconds. How much longer will it take?? :?

[ Added: Today at 0:00 ]
OK, it finished scanning :P

SILENT RUNNERS


Code:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"none" = "C:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PCSuiteTrayApplication" = "D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"UpdReg" = "C:\WINDOWS\updReg.EXE" [file not found]
"Anti Trojan Elite" = "C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO" [file not found]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                       \StubPath   = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IeCatch2 Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{A6984C00-C6EB-11D4-B4A4-080000180323}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\Rapidown\rapi310.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                   \InProcServer32\(Default) = "D:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
  -> {HKLM...CLSID} = "Contact View"
                   \InProcServer32\(Default) = "D:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
  -> {HKLM...CLSID} = "Message View"
                   \InProcServer32\(Default) = "D:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Bond\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\IrfanView_Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Startup items in "Bond" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"WL-8314 Configuration Utility" -> shortcut to: "C:\Program Files\PLANET WL-8314\WLANMON.exe" ["PLANET Technology Corp."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2ECB7FB2-0333-416F-92FD-4904AD49252B}" = "3DNA Toolbar"
  -> {HKLM...CLSID} = "3DNA Toolbar"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\3DNATO~1.DLL" [empty string]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{57E91B47-F40A-11D1-B792-444553540011}\
"ButtonText" = "Rapidown"
"MenuText" = "Rapidown"
"Exec" = "C:\Program Files\Rapidown\Rapidown.exe" [file not found]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Steganos Live Encryption Engine 8.1 [Service], SLEE_81_SERVICE, "C:\WINDOWS\System32\SLEE81.exe" [null data]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 390 seconds.
---------- (total run time: 3845 seconds)


[ Added: Today at 0:12 ]
COMBOSCAN

ComboScan:
ComboScan v20070306.20 run by Bond on 2007-03-28 at 00:57:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
5: 2007-03-27 22:57:55 UTC - RP5 - ComboScan Restore Point
4: 2007-03-27 20:01:13 UTC - RP4 - Instalacja niepodpisanego sterownika
3: 2007-03-27 19:57:19 UTC - RP3 - Installed PLANET WL-8314
2: 2007-03-27 19:57:01 UTC - RP2 - Removed PLANET WL-8314
1: 2007-03-27 13:56:56 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as Bond.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 00:59:19, on 2007-03-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Bond\Pulpit\COMBOSCAN\comboscan.exe
C:\DOCUME~1\Bond\Pulpit\HIJACK\Bond.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\updReg.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Bond\Pulpit\HIJACK\backups\) ----------

backup-20070327-163645-610 O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070327-210220-193 O4 - HKLM\..\Run: [{D4860130-05BA-1045-0415-020502030030}] "C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}\Update.exe" mc-110-12-0000272
backup-20070327-210220-348 O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20070327-210220-413 O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
backup-20070327-210220-462 O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
backup-20070327-210220-496 O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
backup-20070327-210220-588 O20 - Winlogon Notify: winrpf32 - winrpf32.dll (file missing)
backup-20070327-230730-718 O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://johpoa.freehostia.com//fotki//targ.chm::/win32.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - unable to read value
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R ALCXWDM (Service for Avance AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3S ATE_PROCMON - C:\Program Files\Anti Trojan Elite\ATEPMon.sys (not found)
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1S ATITool (ATITool Overclocking Utility) - C:\WINDOWS\system32\drivers\ATITool.sys
3S AvFlt (Antivirus Filter Driver) - C:\WINDOWS\System32\drivers\av5flt.sys (not found)
3S bdfdll - C:\Program Files\Softwin\BitDefender9\bdfdll.sys (not found)
3S BDFsDrv - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys (not found)
2S BDRsDrv - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys (not found)
3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3S BRIDGE (Mostek MAC) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (Miniport mostka MAC) - C:\WINDOWS\system32\drivers\bridge.sys
3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3S BTNetFilter (Bluetooth Network Filter) - C:\WINDOWS\system32\drivers\BTNetFilter.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2S FILESpy - C:\Program Files\Softwin\BitDefender9\filespy.sys (not found)
3S GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys
3S HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
4S InCDFs (InCD File System) - C:\WINDOWS\System32\drivers\InCDFs.sys (not found)
1S InCDPass - C:\WINDOWS\System32\drivers\InCDPass.sys (not found)
1S InCDRm (InCD Reader) - C:\WINDOWS\System32\drivers\InCDRm.sys (not found)
1R kbdhid (Sterownik klawiatury HID) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
2R NwlnkIpx (Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS) - C:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (System NetBIOS NWLink) - C:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (Protokół NWLink SPX/SPXII) - C:\WINDOWS\system32\drivers\nwlnkspx.sys
2R PavProc (Panda Process Protection Driver) - C:\WINDOWS\system32\drivers\PavProc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
2S REGSpy - C:\Program Files\Softwin\BitDefender9\regspy.sys (not found)
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - C:\WINDOWS\system32\drivers\sfsync03.sys
1R ShldDrv (Panda File Shield Driver) - C:\WINDOWS\system32\drivers\ShldDrv.sys
2R SLEE_81_DRIVER (Steganos Live Encryption Engine 8.1 [Driver]) - C:\WINDOWS\system32\drivers\slee81.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
3R VHidMinidrv (Bluetooth HID Device Service) - C:\WINDOWS\system32\drivers\VHIDMini.sys
0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S VIAIRDA (Sterownik urządzenia podczerwieni VIA) - C:\WINDOWS\system32\drivers\viairda.sys
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
3R W8335XP (PLANET WL-8314) - C:\WINDOWS\system32\drivers\MRV8335XP.sys
3S WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
3S IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
4S PavPrSrv (Panda Process Protection Service) - "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
2R SLEE_81_SERVICE (Steganos Live Encryption Engine 8.1 [Service]) - C:\WINDOWS\System32\SLEE81.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-27 21:57:20         0 d-------- C:\Program Files\PLANET WL-8314<PLANET~1>
2007-03-27 21:57:19    253696 --a------ C:\WINDOWS\System32\drivers\MRV8335XP.sys<MRV833~1.SYS>
2007-03-27 20:40:18         0 d-------- C:\ERDNT
2007-03-27 16:22:55         0 d-------- C:\Program Files\BearShare<BEARSH~1>
2007-03-12 22:08:04         0 d-------- C:\Program Files\OpenSource Flash Video Splitter<OPENSO~1>
2007-03-12 22:08:01         0 d-------- C:\Program Files\RealMedia<REALME~1>
2007-03-12 22:07:53         0 d-------- C:\Program Files\Haali
2007-03-11 19:08:02         0 d-------- C:\Tlen_pliki<TLEN_P~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-28 00:55:54         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Tlen.pl
2007-03-27 22:02:26    436322 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-27 22:02:26     67298 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-27 21:57:19         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 16:26:02         0 d-------- C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}<{D4860~1>
2007-03-26 16:50:17         0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-26 16:50:05         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Skype
2007-03-24 23:32:26         0 d-------- C:\Program Files\FlashGet
2007-03-16 14:52:26         0 d-------- C:\Program Files\Skype
2007-03-07 14:52:46         0 d-------- C:\Program Files\mIRC
2007-03-05 13:08:03         0 d-------- C:\Program Files\Java
2007-02-26 19:37:31         0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-02-20 17:59:47         0 d-------- C:\Program Files\WowReader<WOWREA~1>
2007-02-20 17:51:51         0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-02-17 19:07:00         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Apple Computer<APPLEC~1>
2007-02-17 19:03:09         0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-14 22:55:15         0 d-------- C:\Program Files\Rapidown
2007-02-14 22:29:08         0 d-------- C:\Program Files\KeyLogger<KEYLOG~1>
2007-02-12 20:25:20     32179 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe<YAZZLE~3.EXE>
2007-02-11 16:39:44         0 d-------- C:\Program Files\Winamp
2007-02-02 02:57:47         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Ventrilo
2007-02-02 02:56:37         0 d-------- C:\Program Files\Ventrilo
2007-02-02 02:56:17         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-29 17:46:17         0 d-------- C:\Program Files\Common Files\{D4860130-05BB-1045-0415-020502030030}<{D4860~2>
2007-01-29 14:30:56         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Adobe
2007-01-28 10:33:06         0 d-------- C:\Program Files\Video ActiveX Object<VIDEOA~1>
2007-01-11 18:19:56     20992 --a------ C:\WINDOWS\System32\gwquvw.dll
2007-01-11 13:24:27         0 --a------ C:\WINDOWS\nsreg.dat
2007-01-05 11:40:15     43520 --a------ C:\WINDOWS\System32\CmdLineExt03.dll<CMDLIN~2.DLL>
2006-12-28 21:49:49     32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
2006-12-28 19:57:45        28 --a------ C:\WINDOWS\System32\getfile.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCSuiteTrayApplication"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UpdReg"="C:\\WINDOWS\\updReg.EXE"
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"SAFESE7"="\"D:\\Program Files\\Steganos Safe 7 SE\\safese7.exe\" -firstboot"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"SAFESE7"="\"D:\\Program Files\\Steganos Safe 7 SE\\safese7.exe\" -firstboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bond^Menu Start^Programy^Autostart^Rapidown.lnk]
"path"="C:\\Documents and Settings\\Bond\\Menu Start\\Programy\\Autostart\\Rapidown.lnk"
"backup"="C:\\WINDOWS\\pss\\Rapidown.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Rapidown\\rapidown.exe rapstart.startup"
"item"="Rapidown"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllerCalc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AllerCalc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AllerCalc\\AllerCalc.exe\" /i"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pandasft"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Software\\Panda Demo\\pandasft.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFESE7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAFESE7"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Steganos Safe 7 SE\\SAFESE7.exe\" -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=dword:00000003
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
"isamonitor.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8f1c82-6a3c-11da-9e74-806d6172696f}]
Shell\AutoRun\command   G:\autorun.exe


-- End of ComboScan: finished at 2007-03-28 at 00:59:49 ------------------------


[ Added: Today at 0:14 ]
I can't paste the Supplementary log right now because it says the message is too long :P
Post by Red, 28 Mar 2007, 08:11

Open Windows Notepad and paste the following into it:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"none"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"isamini.exe"=-
"isamonitor.exe"=-


From the top menu >> File >> Save As, Save as type: All Files, File name: Fix.reg
Double-click the resulting file and confirm.

Download:
http://www.bleepingcomputer.com/files/killbox.php

Run Killbox, tick the Delete on Reboot option, then in the Full Path of File to Delete field paste the path:
C:\Windows\System32\gwquvw.dll
and press the X.
The program will ask about a restart (of course you agree).

After the restart, post the ComboScan log once more.



Post by Joan, 28 Mar 2007, 09:24

Hmm, let me add something on the topic, sorry for butting in ;)

Red wrote: you're writing, pardon the expression, "nonsense"; in a word >> no manners.

Well, not entirely...

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

there is also this little key, a standard leftover of a Smitfraud infection, to be killed. The automatic tool will deal with it without any problem; it will simply be easier that way.

Moreover, the description of the problem may point to hardware trouble, because of this:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"KernelFaultCheck"

I would ask for the minidump file.

Regards :)

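Red's Fix.reg (one "name"=- line per value to delete) and the two locations Joan and Red single out, SharedTaskScheduler and Policies\Explorer\Run, can both be worked out from the ComboScan registry dump itself. The Python below is an added example, not code from the thread or from ComboScan: it parses a constructed dump in ComboScan's format, decodes the hex(2) KernelFaultCheck value Joan refers to, flags populated values under the two keys, and emits the matching Fix.reg. The list of suspect keys (SUSPECT_KEYS) is my assumption based on what the thread removes, not a general rule.

```python
import re

# Constructed sample in ComboScan's "Registry Dump" format, built from entries
# the thread discusses (avast!, KernelFaultCheck, SharedTaskScheduler, Policies).
SAMPLE_DUMP = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"
'''

# Assumption (mine, not the thread's): anything populated under these two keys
# is suspect. Red clears Policies\Explorer\Run; Joan names SharedTaskScheduler.
SUSPECT_KEYS = (r"\explorer\sharedtaskscheduler", r"\policies\explorer\run")


def _unescape(s):  # undo .reg escaping: \\ -> \ and \" -> "
    return re.sub(r"\\(.)", r"\1", s)


def _escape(s):  # apply .reg escaping so a name round-trips into Fix.reg
    return s.replace("\\", "\\\\").replace('"', '\\"')


def decode_hex_value(rhs):
    """Decode a hex(2) (REG_EXPAND_SZ) value: ANSI as ComboScan writes it, or UTF-16LE."""
    raw = bytes(int(b, 16) for b in rhs.split(":", 1)[1].split(",") if b)
    enc = "utf-16-le" if len(raw) >= 2 and raw[1] == 0 else "latin-1"
    return raw.decode(enc).rstrip("\x00")


def parse_dump(text):
    """Return {key: {name: value}} for the [key] / "name"=... lines of a dump."""
    # hex(2) values wrap with a trailing '\'; glue the continuation lines back
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    entries, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, {})
        elif line.startswith('"') and key is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                name, rhs = _unescape(m.group(1)), m.group(2)
                if rhs.startswith('"') and rhs.endswith('"'):
                    value = _unescape(rhs[1:-1])
                else:  # hex(2) is decoded; dword:... and the rest stay verbatim
                    value = decode_hex_value(rhs) if rhs.startswith("hex") else rhs
                entries[key][name] = value
    return entries


def find_suspect_entries(entries):
    """List (key, name, value) for every populated value under SUSPECT_KEYS."""
    return [(k, n, v) for k, vals in entries.items()
            if any(s in k.lower() for s in SUSPECT_KEYS) for n, v in vals.items()]


def build_fix_reg(suspects):
    """Emit a Fix.reg in the form Red posted: "name"=- deletes that value."""
    out, by_key = ["Windows Registry Editor Version 5.00", ""], {}
    for key, name, _ in suspects:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        out += [f"[{key}]", *(f'"{_escape(n)}"=-' for n in names), ""]
    return "\r\n".join(out)
```

Running find_suspect_entries over the sample flags only the "carbinyl" GUID and the "none" value, and leaves the avast! and KernelFaultCheck entries alone; the decoded KernelFaultCheck value is "%systemroot%\system32\dumprep 0 -k", the stock XP crash-reporting hook rather than a program of its own.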



Post by Red, 28 Mar 2007, 09:52

I've edited the topic and we're back to the fun (cleaning) :)



Post by MISTEJK, 28 Mar 2007, 10:22

SmitfraudFix with option 2 should be used :evil: rather than removing things by hand.




Post by BZIKU, 28 Mar 2007, 10:26

Joan - you're new, so read this:

http://www.forum.programosy.pl/tekst-w-podpisach-vt68009.html

and remove the link from your signature....



Post by Vandar, 28 Mar 2007, 10:26

COMBOSCAN

ComboScan v20070306.20 run by Bond on 2007-03-28 at 10:15:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bond.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:15:29, on 2007-03-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Bond\Pulpit\COMBOSCAN\comboscan.exe
C:\DOCUME~1\Bond\Pulpit\HIJACK\Bond.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\updReg.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 10:09:37         0 d-------- C:\!KillBox
2007-03-27 21:57:20         0 d-------- C:\Program Files\PLANET WL-8314<PLANET~1>
2007-03-27 21:57:19    253696 --a------ C:\WINDOWS\System32\drivers\MRV8335XP.sys<MRV833~1.SYS>
2007-03-27 20:40:18         0 d-------- C:\ERDNT
2007-03-27 16:22:55         0 d-------- C:\Program Files\BearShare<BEARSH~1>
2007-03-12 22:08:04         0 d-------- C:\Program Files\OpenSource Flash Video Splitter<OPENSO~1>
2007-03-12 22:08:01         0 d-------- C:\Program Files\RealMedia<REALME~1>
2007-03-12 22:07:53         0 d-------- C:\Program Files\Haali
2007-03-11 19:08:02         0 d-------- C:\Tlen_pliki<TLEN_P~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-28 00:55:54         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Tlen.pl
2007-03-27 22:02:26    436322 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-27 22:02:26     67298 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-27 21:57:19         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 16:26:02         0 d-------- C:\Program Files\Common Files\{D4860130-05BA-1045-0415-020502030030}<{D4860~1>
2007-03-26 16:50:17         0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-26 16:50:05         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Skype
2007-03-24 23:32:26         0 d-------- C:\Program Files\FlashGet
2007-03-16 14:52:26         0 d-------- C:\Program Files\Skype
2007-03-07 14:52:46         0 d-------- C:\Program Files\mIRC
2007-03-05 13:08:03         0 d-------- C:\Program Files\Java
2007-02-26 19:37:31         0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-02-20 17:59:47         0 d-------- C:\Program Files\WowReader<WOWREA~1>
2007-02-20 17:51:51         0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-02-17 19:07:00         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Apple Computer<APPLEC~1>
2007-02-17 19:03:09         0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-14 22:55:15         0 d-------- C:\Program Files\Rapidown
2007-02-14 22:29:08         0 d-------- C:\Program Files\KeyLogger<KEYLOG~1>
2007-02-12 20:25:20     32179 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe<YAZZLE~3.EXE>
2007-02-11 16:39:44         0 d-------- C:\Program Files\Winamp
2007-02-02 02:57:47         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Ventrilo
2007-02-02 02:56:37         0 d-------- C:\Program Files\Ventrilo
2007-02-02 02:56:17         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-29 17:46:17         0 d-------- C:\Program Files\Common Files\{D4860130-05BB-1045-0415-020502030030}<{D4860~2>
2007-01-29 14:30:56         0 d-------- C:\Documents and Settings\Bond\Dane aplikacji\Adobe
2007-01-28 10:33:06         0 d-------- C:\Program Files\Video ActiveX Object<VIDEOA~1>
2007-01-11 13:24:27         0 --a------ C:\WINDOWS\nsreg.dat
2007-01-05 11:40:15     43520 --a------ C:\WINDOWS\System32\CmdLineExt03.dll<CMDLIN~2.DLL>
2006-12-28 21:49:49     32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
2006-12-28 19:57:45        28 --a------ C:\WINDOWS\System32\getfile.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCSuiteTrayApplication"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UpdReg"="C:\\WINDOWS\\updReg.EXE"
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"SAFESE7"="\"D:\\Program Files\\Steganos Safe 7 SE\\safese7.exe\" -firstboot"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"SAFESE7"="\"D:\\Program Files\\Steganos Safe 7 SE\\safese7.exe\" -firstboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bond^Menu Start^Programy^Autostart^Rapidown.lnk]
"path"="C:\\Documents and Settings\\Bond\\Menu Start\\Programy\\Autostart\\Rapidown.lnk"
"backup"="C:\\WINDOWS\\pss\\Rapidown.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Rapidown\\rapidown.exe rapstart.startup"
"item"="Rapidown"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllerCalc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AllerCalc"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AllerCalc\\AllerCalc.exe\" /i"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pandasft"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Software\\Panda Demo\\pandasft.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFESE7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAFESE7"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Steganos Safe 7 SE\\SAFESE7.exe\" -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=dword:00000003
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0



-- End of ComboScan: finished at 2007-03-28 at 10:15:48 ------------------------



Oh, and one more thing: could you agree among yourselves on what I should remove and how? :P Because I see everyone here has their own version, and I'm a bit afraid to remove things, because someone might make a mistake with the logs :?



Post by Red, 28 Mar 2007, 10:35

What's left for you is to go into the registry in Safe Mode and delete this key:

Start > Run > type >> regedit >> OK

follow this path step by step

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]


and delete it with a right-click:
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"