Sanis, created 1 August 2007: Hello, I have a problem: there is something suspicious in my registry... Here is a screenshot: Shot at 2007-08-01. Tell me what to do about it. And, just in case, the log from HijackThis:
Sanis (author), commented 1 August 2007: And is everything OK with this one? C:\Program Files\xerox\wdfmgr-45180.exe Log from ComboFix:
CatchMe, commented 1 August 2007: Please post the above log on www.wklej.org
Sanis (author), commented 1 August 2007: I posted it, and now what? Here is the code: http://www.wklej.org/id/0ab9fbf5c2 //That is what was meant //Przemek Thanks, Przemek, for the correction. Above all, I have a problem with this: C:\Program Files\xerox\wdfmgr-45180.exe Because when I start a game, some strange processes keep appearing in the registry every moment... lots of IEXPLORE.EXE ones show up, and once I end the wdfmgr-45180.exe process everything is OK again... [ Added: 2007-08-03, 15:20 ] So is nobody going to reply any more?