zeniTh, created 11 July 2007

Hi, lately something has started slowing my computer down since some worm showed up on it... I mean, Panda detects it and supposedly neutralizes it, but it comes back every time I start the computer... Booting has become a bit slower and games stutter sometimes. Oh, and a few minutes after startup IE suddenly opens by itself and ERROR SAFE pops up showing some errors. I downloaded that Error Safe and removed those errors, but it still pops up ;/ Here are the logs, please check them as soon as possible.
grzegorzmce, comment, 12 July 2007

http://dobreprogramy.pl/index.php?dz=2&id=1759&t=30 install this and scan your computer :D
CatchMe, comment, 12 July 2007

Please move this thread to the Security section.
----------------------------------------------------------
We probably have the cause. You have a Vundo infection plus a few stray extras.
----------------------------------------------------------
Block the ports using WWDC and Seconfig XP.
----------------------------------------------------------
Follow the removal instructions from this thread: LINK
----------------------------------------------------------
Use the tool: ATF Cleaner
----------------------------------------------------------
Your set for removal:

C:\DOCUME~1\zeniTh\USTAWI~1\Temp\~e5.0001
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\waxffkqu.dll",forkonce
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min

For now we are not touching anything - we will see whether anything goes away after the automated tools have been applied.
----------------------------------------------------------
After these steps, paste the logs from HijackThis and ComboFix.
zeniTh komentarz 12 lipca 2007 Autor komentarz 12 lipca 2007 HijackThis Logfile of HijackThis v1.99.1Scan saved at 13:02:11, on 2007-07-12Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exee:ProgramyPanda SoftwarePanda Antivirus 2007pavsrv51.exee:ProgramyPanda SoftwarePanda Antivirus 2007AVENGINE.EXEC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSsystem32nvsvc32.exeC:WINDOWSsystem32HPZipm12.exee:ProgramyPanda SoftwarePanda Antivirus 2007PsImSvc.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32WgaTray.exeC:PROGRA~1NEOSTR~1CnxMon.exeC:Program FilesThomsonSpeedTouch USBDragdiag.exeC:PROGRA~1NEOSTR~1TaskbarIcon.exeC:Program FilesAnalog DevicesCoresmax4pnp.exeC:Program FilesAnalog DevicesSoundMAXSmax4.exeE:ProgramyPanda SoftwarePanda Antivirus 2007APVXDWIN.EXEE:ProgramyrevoltecOEMDriver.exeE:Programylg_fwupdatefwupdate.exeC:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXEE:ProgramyNokiaNOKIAP~1TRAYAP~1.EXEE:ProgramyA4TechMouseAmoumain.exeC:Program FilesCommon FilesRealUpdate_OBrealsched.exeC:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exeC:WINDOWSsystem32ctfmon.exeE:ProgramyGadu-Gadugg.exeE:ProgramyDAEMON Toolsdaemon.exeC:PROGRA~1COMMON~1PCSuiteServicesSERVIC~1.EXEe:programypanda softwarepanda antivirus 2007WebProxy.exeC:Program FilesCommon FilesTeleca SharedCapabilityManager.exeC:Program FilesCommon FilesTeleca SharedGeneric.exeC:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exeE:ProgramyMozilla Firefoxfirefox.exeC:WINDOWSexplorer.exeC:WINDOWSsystem32notepad.exeC:WINDOWSsystem32NOTEPAD.EXEC:Documents and SettingszeniThPulpitHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaR3 - URLSearchHook: 
Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLLO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:ProgramyAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exeO4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /iconO4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exeO4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exeO4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exeO4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /trayO4 - HKLM..Run: [nwiz] nwiz.exe /installO4 - HKLM..Run: [APVXDWIN] "e:ProgramyPanda SoftwarePanda Antivirus 2007APVXDWIN.EXE" /sO4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM..Run: [KBDriver] E:ProgramyrevoltecOEMDriver.exeO4 - HKLM..Run: [LGODDFU] e:Programylg_fwupdatefwupdate.exeO4 - HKLM..Run: [DataLayer] C:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXEO4 - HKLM..Run: [PCSuiteTrayApplication] E:ProgramyNokiaNOKIAP~1TRAYAP~1.EXEO4 - HKLM..Run: [WheelMouse] e:ProgramyA4TechMouseAmoumain.exeO4 - HKLM..Run: [WinampAgent] e:ProgramyWinampwinampa.exeO4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osbootO4 - HKLM..Run: [sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptionsO4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exeO4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exeO4 - HKCU..Run: [Gadu-Gadu] "E:ProgramyGadu-Gadugg.exe" /trayO4 - HKCU..Run: [DAEMON Tools] "E:ProgramyDAEMON Toolsdaemon.exe" -lang 1033O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:ProgramyAdobeAcrobat 7.0Readerreader_sl.exeO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000O9 - Extra button: Messenger - 
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLLO17 - HKLMSystemCCSServicesTcpip..{5C36C1DC-8C44-4B30-A1EA-4215D81DEC10}: NameServer = 194.204.152.34 217.98.63.164O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLLO18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLLO20 - Winlogon Notify: avldr - C:WINDOWSSYSTEM32avldr.dllO20 - Winlogon Notify: nnnkkjk - nnnkkjk.dll (file missing)O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dllO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - e:ProgramyPanda SoftwarePanda Antivirus 2007pavsrv51.exeO23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - e:ProgramyPanda SoftwarePanda Antivirus 2007PsImSvc.exe ComboFix "zeniTh" - 2007-07-12 12:53:54 - ComboFix 07-07-12.3 - Dodatek Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))2007-07-12 12:40 66,624 --a------ C:WINDOWSsystem32hosntgij.dll2007-07-12 01:35 66,624 --a------ C:WINDOWSsystem32ortrklhk.dll2007-07-12 01:32 66,112 --a------ C:WINDOWSsystem32mlfisvxo.exe2007-07-12 00:38 66,624 --a------ C:WINDOWSsystem32adammwbd.dll2007-07-11 23:20 66,624 --a------ 
C:WINDOWSsystem32pnohtsiq.dll2007-07-11 23:14 66,112 --a------ C:WINDOWSsystem32smweanpo.exe2007-07-11 18:04 66,112 --a------ C:WINDOWSsystem32nwnyjpxr.exe2007-07-11 14:12 66,112 --a------ C:WINDOWSsystem32kgscfqqc.exe2007-07-11 14:05 66,112 --a------ C:WINDOWSsystem32yoffnvaj.exe2007-07-10 19:33 11,776 --a------ C:WINDOWSsystem32driverswasfsd.sys2007-07-10 19:33 <DIR> d-------- C:Program FilesError Safe2007-07-10 19:32 128,576 --a------ C:WINDOWSsystem32pbjvvkuv.dll2007-07-10 14:23 6,144 --a------ C:WINDOWSsystem32driversersd.sys2007-07-10 14:22 <DIR> d-------- C:Program FilesCommon FilesErrorSafe2007-07-09 21:44 91,856 --a------ C:DOCUME~1zeniThDANEAP~1errorsafefreeinstall_pl[1].exe2007-07-09 21:20 128,576 --a------ C:WINDOWSsystem32dhwidomg.dll2007-07-09 10:45 128,576 --a------ C:WINDOWSsystem32vnwcagdu.dll2007-06-22 18:09 <DIR> d-------- C:WINDOWSwt2007-06-22 00:14 <DIR> d-------- C:DOCUME~1zeniThDANEAP~1IrfanView2007-06-19 14:07 <DIR> d-------- C:DOCUME~1zeniThWINDOWS2007-06-18 07:35 <DIR> d-------- C:DOCUME~1zeniThDANEAP~1Ahead2007-06-18 07:33 <DIR> d-------- C:Program FilesNero2007-06-18 07:33 <DIR> d-------- C:Program FilesCommon FilesAhead2007-06-18 07:11 86,016 --a------ C:WINDOWSsystem32OpenAL32.dll2007-06-18 07:11 262,144 --a------ C:WINDOWSsystem32wrap_oal.dll2007-06-18 07:10 5,632 --a------ C:WINDOWSsystem32driversEntech64.sys2007-06-18 07:10 3,972 --a------ C:WINDOWSsystem32driversPciBus.sys2007-06-18 07:10 21,664 --a------ C:WINDOWSsystem32driversEntech.sys2007-06-18 07:10 <DIR> d-------- C:WINDOWSsystem32Futuremark2007-06-12 19:12 51,200 --a------ C:WINDOWSnircmd.exe(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))2007-07-11 20:21:32 -------- d-----w C:Program FilesNeostrada TP2007-07-11 20:21:30 -------- d-----w C:Program FilesCommon FilesTeleca Shared2007-07-11 11:15:30 -------- d-----w C:Program FilesMessenger2007-07-01 15:22:40 68,334 ----a-w C:WINDOWSsystem32perfc015.dat2007-07-01 
15:22:40 439,326 ----a-w C:WINDOWSsystem32perfh015.dat2007-06-19 20:08:48 163,644 ----a-w C:WINDOWSsystem32driverssecdrv.sys2007-06-18 05:18:35 -------- d-----w C:Program FilesAhead2007-06-18 05:09:50 -------- d--h--w C:Program FilesInstallShield Installation Information2007-06-10 20:24:28 -------- d-----w C:DOCUME~1zeniThDANEAP~1Skype2007-06-07 23:09:25 7,292 --sha-w C:WINDOWSsystem32driversfidbox.idx2007-06-07 23:09:25 2,592 --sha-w C:WINDOWSsystem32driversfidbox2.dat2007-06-07 23:09:25 2,360 --sha-w C:WINDOWSsystem32driversfidbox2.idx2007-06-07 23:09:25 152,352 --sha-w C:WINDOWSsystem32driversfidbox.dat2007-06-07 23:06:27 512 ----a-w C:ScanSectorLog.dat2007-06-07 23:04:29 4,212 ---h--w C:WINDOWSsystem32zllictbl.dat2007-06-07 15:15:35 -------- d-----w C:DOCUME~1zeniThDANEAP~1Teleca2007-06-07 15:13:37 -------- d-----w C:Program FilesSony Ericsson2007-06-04 12:57:00 664 ----a-w C:WINDOWSsystem32d3d9caps.dat2007-06-03 08:33:50 -------- d-----w C:DOCUME~1zeniThDANEAP~1Real2007-06-02 19:07:37 -------- d-----w C:Program FilesCommon Filesxing shared2007-06-02 19:07:36 -------- d-----w C:Program FilesCommon FilesReal2007-06-02 18:59:54 -------- d-----w C:DOCUME~1zeniThDANEAP~1Media Player Classic2007-06-02 18:59:29 -------- d-----w C:Program FilesMedia Player Classic2007-06-02 10:50:37 -------- d-----w C:Program FilesSkype2007-06-02 10:50:32 -------- d-----w C:Program FilesCommon FilesSkype2007-06-01 18:56:27 -------- d-----w C:Program FilesCreative2007-05-31 21:09:56 -------- d-----w C:Program FilesWinamp2007-05-30 18:26:04 -------- d-----w C:Program FilesMicrosoft CAPICOM 2.1.0.22007-05-30 16:34:10 2,071 ----a-w C:WINDOWSmozver.dat2007-05-30 12:29:43 -------- d-----w C:DOCUME~1zeniThDANEAP~1AdobeUM2007-05-30 12:13:52 -------- d-----w C:Program FilesMicrosoft Works2007-05-30 12:12:46 -------- d-----w C:Program FilesMicrosoft.NET2007-05-28 11:42:27 -------- d-----w C:Program FilesA4TECH2007-05-26 19:39:13 -------- d-----w C:Program FilesCommon FilesHP2007-05-26 19:36:25 
-------- d-----w C:Program FilesCommon FilesHewlett-Packard2007-05-26 19:35:44 -------- d-----w C:Program FilesHP2007-05-26 19:31:08 -------- d-----w C:DOCUME~1zeniThDANEAP~1HP2007-05-24 19:55:32 -------- d-----w C:Program FilesMSXML 4.02007-05-24 18:09:45 -------- d-----w C:Program FilesCommon FilesPCSuite2007-05-24 18:09:44 -------- d-----w C:Program FilesCommon FilesNokia2007-05-17 22:05:02 -------- d-----w C:Program FilesWindows Media Connect 22007-05-16 15:18:58 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll2007-05-14 21:32:06 60,273 ----a-w C:WINDOWSsystem32pthreadGC2.dll2007-05-14 21:32:06 10,752 ----a-w C:WINDOWSsystem32ff_vfw.dll2007-05-12 10:04:31 682,232 ----a-w C:WINDOWSsystem32driverssptd.sys2007-05-10 15:29:52 0 -c--a-w C:WINDOWSnsreg.dat2007-05-10 13:56:19 0 --sha-r C:MSDOS.SYS2007-05-10 13:56:19 0 --sha-r C:IO.SYS2007-05-10 13:56:19 0 ----a-w C:CONFIG.SYS2007-05-10 13:56:19 0 ----a-w C:AUTOEXEC.BAT2007-05-10 13:53:50 21,856 ----a-w C:WINDOWSsystem32emptyregdb.dat2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll2007-04-18 16:14:32 2,854,400 ----a-w C:WINDOWSsystem32msi.dll2007-04-16 20:47:36 33,624 ----a-w C:WINDOWSsystem32wups.dll2007-04-16 20:45:54 1,710,936 ----a-w C:WINDOWSsystem32wuaueng.dll2007-04-16 20:45:48 549,720 ----a-w C:WINDOWSsystem32wuapi.dll2007-04-16 20:45:42 325,976 ----a-w C:WINDOWSsystem32wucltui.dll2007-04-16 20:45:36 203,096 ----a-w C:WINDOWSsystem32wuweb.dll2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll2007-04-16 20:45:20 53,080 ----a-w C:WINDOWSsystem32wuauclt.exe2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll2007-04-16 20:44:20 271,224 ----a-w C:WINDOWSsystem32mucltui.dll2007-04-16 20:44:18 208,248 ----a-w C:WINDOWSsystem32muweb.dll2004-10-01 14:00:16 40,960 ----a-w C:Program FilesUninstall_CDS.exe((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shown 
[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]2006-01-12 20:38 63128 --a------ E:ProgramyAdobeAcrobat 7.0ActiveXAcroIEHelper.dll[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"WooCnxMon"="C:PROGRA~1NEOSTR~1CnxMon.exe" [2003-10-16 18:07]"SpeedTouch USB Diagnostics"="C:Program FilesThomsonSpeedTouch USBDragdiag.exe" [2004-01-26 11:38]"WOOWATCH"="C:PROGRA~1NEOSTR~1Watch.exe" [2003-10-16 18:07]"WOOTASKBARICON"="C:PROGRA~1NEOSTR~1TaskbarIcon.exe" [2003-10-16 18:07]"SoundMAXPnP"="C:Program FilesAnalog DevicesCoresmax4pnp.exe" [2006-07-20 07:04]"SoundMAX"="C:Program FilesAnalog DevicesSoundMAXSmax4.exe" [2006-07-13 08:12]"nwiz"="nwiz.exe" [2006-10-22 12:22 C:WINDOWSsystem32nwiz.exe]"APVXDWIN"="e:ProgramyPanda SoftwarePanda Antivirus 2007APVXDWIN.exe" [2006-09-13 08:59]"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:WINDOWSsystem32HdAShCut.exe]"KBDriver"="E:ProgramyrevoltecOEMDriver.exe" [2006-07-25 20:07]"LGODDFU"="e:Programylg_fwupdatefwupdate.exe" [2006-02-20 12:40]"DataLayer"="C:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE" [2004-09-23 10:33]"PCSuiteTrayApplication"="E:ProgramyNokiaNOKIAP~1TRAYAP~1.EXE" [2004-09-15 15:36]"WheelMouse"="e:ProgramyA4TechMouseAmoumain.exe" [2006-02-17 11:14]"WinampAgent"="e:ProgramyWinampwinampa.exe" []"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2007-06-02 21:07]"@"="" []"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 17:17]"NWEReboot"="" []"NeroFilterCheck"="C:Program FilesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 16:40][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]"Gadu-Gadu"="E:ProgramyGadu-Gadugg.exe" [2007-05-10 16:36]"DAEMON Tools"="E:ProgramyDAEMON Toolsdaemon.exe" [2007-04-04 00:29][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr] avldr.dll 
--a------ 2005-09-27 12:13 45056 C:WINDOWSsystem32avldr.dll[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifynnnkkjk] nnnkkjk.dll *Newly Created Service* - CATCHME**************************************************************************catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.netRootkit scan 2007-07-12 12:54:48Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ...scanning hidden autostart entries ...scanning hidden files ...scan completed successfullyhidden files: 0**************************************************************************Completion time: 2007-07-12 12:55:19C:ComboFix-quarantined-files.txt ... 2007-07-12 12:55C:ComboFix2.txt ... 2007-07-12 12:50C:ComboFix3.txt ... 2007-06-12 19:19 --- E O F --- silentrunners "Silent Runners.vbs", revision R50, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]"Gadu-Gadu" = ""E:ProgramyGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]"DAEMON Tools" = ""E:ProgramyDAEMON Toolsdaemon.exe" -lang 1033" ["DT Soft Ltd."]HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [empty string]"SpeedTouch USB Diagnostics" = ""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon" ["THOMSON Telecom Belgium"]"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" ["France Télécom R&D"]"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1TaskbarIcon.exe" ["France Télécom R&D"]"SoundMAXPnP" = "C:Program FilesAnalog DevicesCoresmax4pnp.exe" ["Analog Devices, Inc."]"SoundMAX" = ""C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray" ["Analog Devices, Inc."]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"APVXDWIN" = ""e:ProgramyPanda SoftwarePanda Antivirus 2007APVXDWIN.EXE" /s" ["Panda Software 
International"]"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows ® Server 2003 DDK provider"]"KBDriver" = "E:ProgramyrevoltecOEMDriver.exe" [empty string]"LGODDFU" = "e:Programylg_fwupdatefwupdate.exe" [null data]"DataLayer" = "C:PROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]"PCSuiteTrayApplication" = "E:ProgramyNokiaNOKIAP~1TRAYAP~1.EXE" [empty string]"WheelMouse" = "e:ProgramyA4TechMouseAmoumain.exe" ["A4Tech Co., Ltd."]"WinampAgent" = "e:ProgramyWinampwinampa.exe" [file not found]"TkBellExe" = ""C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot" ["RealNetworks, Inc."]"(Default)" = "(empty string)" [file not found]"Sony Ericsson PC Suite" = ""C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]"NWEReboot" = "(empty string)" [file not found]"NeroFilterCheck" = "C:Program FilesCommon FilesAheadLibNeroCheck.exe" ["Nero AG"]HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" InProcServer32(Default) = "E:ProgramyAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR 
shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:ProgramyWinRARrarext.dll" [null data]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {HKLM...CLSID} = "Panda Antivirus" InProcServer32(Default) = "e:ProgramyPanda SoftwarePanda Antivirus 2007ShellTit.DLL" ["Panda Software International"]"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" InProcServer32(Default) = "E:ProgramyNokiaNokia PC Suite 6PhoneBrowser.dll" ["Nokia"]"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" InProcServer32(Default) = "E:ProgramyNokiaNokia PC Suite 6ContactView.dll" ["Nokia"]"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" InProcServer32(Default) = "E:ProgramyNokiaNokia PC Suite 6MessageView.dll" ["Nokia"]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12OLKFSTUB.DLL" [MS]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12MLSHEXT.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) 
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice12msohevi.dll" [MS]"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll" [MS]"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12msoshext.dll" [MS]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" InProcServer32(Default) = "e:ProgramyRealRealPlayerrpshell.dll" ["RealNetworks, Inc."]"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" InProcServer32(Default) = "C:Program FilesSony EricssonMobile2File Managerfmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" InProcServer32(Default) = "e:ProgramyUnlockerUnlockerCOM.dll" [null data]HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" InProcServer32(Default) = 
"C:WINDOWSsystem32WPDShServiceObj.dll" [MS]HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify<<!>> avldrDLLName = "avldr.dll" ["Panda Software"]<<!>> nnnkkjkDLLName = "nnnkkjk.dll" [file not found]HKLMSoftwareClassesPROTOCOLSFilter<<!>> text/xmlCLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" InProcServer32(Default) = "C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL" [MS]HKLMSoftwareClassesFoldershellexColumnHandlers{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "E:ProgramyAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]HKLMSoftwareClasses*shellexContextMenuHandlersPanda Antivirus(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" InProcServer32(Default) = "e:ProgramyPanda SoftwarePanda Antivirus 2007ShellTit.DLL" ["Panda Software International"]WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:ProgramyWinRARrarext.dll" [null data]HKLMSoftwareClassesDirectoryshellexContextMenuHandlersWinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:ProgramyWinRARrarext.dll" [null data]HKLMSoftwareClassesFoldershellexContextMenuHandlersPanda Antivirus(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {HKLM...CLSID} = "Panda Antivirus" InProcServer32(Default) = "e:ProgramyPanda SoftwarePanda Antivirus 2007ShellTit.DLL" ["Panda Software International"]UnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" InProcServer32(Default) = 
"e:ProgramyUnlockerUnlockerCOM.dll" [null data]WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:ProgramyWinRARrarext.dll" [null data]HKLMSoftwareClassesAllFilesystemObjectsshellexContextMenuHandlersUnlockerShellExtension(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" InProcServer32(Default) = "e:ProgramyUnlockerUnlockerCOM.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellStateStartup items in "zeniTh" & "All Users" startup folders:--------------------------------------------------------C:Documents and SettingsAll UsersMenu StartProgramyAutostart"Adobe Reader Speed Launch" -> shortcut to: "E:ProgramyAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Etries {++}000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]Transport Service ProvidersHKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Enries 
{++}0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:e:programypanda softwarepanda antivirus 2007pavlsp.dll ["Panda Software International"], 01 - 03, 24%SystemRoot%system32mswsock.dll [MS], 04 - 06, 09 - 23%SystemRoot%system32rsvpsp.dll [MS], 07 - 08Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLMSoftwareMicrosoftInternet ExplorerExplorer BarsHKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Poszukaj"Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]InProcServer32(Default) = "C:PROGRA~1MICROS~2Office12REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLMSoftwareMicrosoftInternet ExplorerExtensions{92780B25-18CC-41C8-B9BE-3C9C571A8263}"ButtonText" = "Research"Miscellaneous IE Hijack Points------------------------------HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------NVIDIA Display Driver 
Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]Panda anti-virus service, PAVSRV, ""e:ProgramyPanda SoftwarePanda Antivirus 2007pavsrv51.exe"" ["Panda Software International"]Panda IManager Service, PSIMSVC, ""e:ProgramyPanda SoftwarePanda Antivirus 2007PsImSvc.exe"" ["Panda Software"]Pml Driver HPZ12, Pml Driver HPZ12, "C:WINDOWSsystem32HPZipm12.exe" ["HP"]Print Monitors:---------------HKLMSystemCurrentControlSetControlPrintMonitorsHP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]----------<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 45 seconds, including 3 seconds for message boxes)

It looks as if something worked, but not completely yet.
CatchMe comment 12 July 2007

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Paste the following paths into the Paste List of Files/Folders to be Moved field:

C:WINDOWSsystem32hosntgij.dll
C:WINDOWSsystem32ortrklhk.dll
C:WINDOWSsystem32mlfisvxo.exe
C:WINDOWSsystem32adammwbd.dll
C:WINDOWSsystem32pnohtsiq.dll
C:WINDOWSsystem32smweanpo.exe
C:WINDOWSsystem32nwnyjpxr.exe
C:WINDOWSsystem32kgscfqqc.exe
C:WINDOWSsystem32yoffnvaj.exe
C:WINDOWSsystem32driverswasfsd.sys
C:Program FilesError Safe
C:WINDOWSsystem32pbjvvkuv.dll
C:WINDOWSsystem32driversersd.sys
C:Program FilesCommon FilesErrorSafe
C:DOCUME~1zeniThDANEAP~1errorsafefreeinstall_pl[1].exe
C:WINDOWSsystem32dhwidomg.dll
C:WINDOWSsystem32vnwcagdu.dll

* Then press the MoveIt! button.
* A message will pop up saying that a restart is needed to remove the given file/folder - press Yes.
* After the restart, manually delete the folder C:_OTMoveIt (right-click >>> Delete >>> Empty Recycle Bin).
* In HijackThis, tick the entry quoted below and click the Fix checked button at the bottom:

O20 - Winlogon Notify: nnnkkjk - nnnkkjk.dll (file missing)

- Then paste new logs from HijackThis and ComboFix.
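Added example, not part of the original post: a Python script that parses HijackThis O20 lines and lists the Winlogon Notify subkeys left dangling, either because HijackThis already reports the DLL as missing or because the DLL is on a removal list. The function names, the sample log (apart from the nnnkkjk line quoted in the post) and the example1 path are constructed assumptions.

```python
import ntpath
import re

# HijackThis prints Winlogon Notify entries as:
#   O20 - Winlogon Notify: <subkey> - <dll path> [(file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?\s*$"
)

def parse_o20(log_text):
    """Return one dict per O20 line: subkey name, DLL path, missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append({"name": m.group("name"),
                            "dll": m.group("dll"),
                            "missing": m.group("missing") is not None})
    return entries

def _norm(path):
    # Windows paths compare case-insensitively; normalise separators too.
    return ntpath.normcase(ntpath.normpath(path))

def entries_to_fix(log_text, removed_paths):
    """O20 subkeys left dangling: DLL already missing, or on the removal list."""
    removed = {_norm(p) for p in removed_paths}
    removed_names = {ntpath.basename(p) for p in removed}
    dangling = []
    for e in parse_o20(log_text):
        dll = _norm(e["dll"])
        # A bare file name (no directory part) is matched by base name only.
        hit = dll in removed or (ntpath.dirname(dll) == "" and dll in removed_names)
        if e["missing"] or hit:
            dangling.append(e["name"])
    return dangling

# Constructed sample: only the nnnkkjk line is quoted from the post above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: nnnkkjk - nnnkkjk.dll (file missing)
O20 - Winlogon Notify: avldr - C:\\WINDOWS\\SYSTEM32\\avldr.dll
O20 - Winlogon Notify: example1 - C:\\WINDOWS\\system32\\example1.dll
"""
SAMPLE_REMOVED = ["c:\\windows\\SYSTEM32\\example1.dll"]  # constructed placeholder

if __name__ == "__main__":
    print(entries_to_fix(SAMPLE_LOG, SAMPLE_REMOVED))
```

Entries it returns are candidates for Fix checked; an entry whose DLL still exists and is not on the removal list is left alone.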