michak, created 3 July 2008

Hello. Some time ago I picked up some spyware !@#$, but I downloaded an anti-spyware tool and removed everything. The problem is that while browsing folders on C: or opening certain pages in IE, a "system error" pops up that reads more or less like this:

Dangerous trojans detected in your system. System files are at risk. This may cause files in C:\WINDOWS to be deleted. Download protection software now.

(I may have made mistakes while translating.) Below it there are two buttons: Yes, which when clicked downloads IE Security (or something similar), and No, which when clicked opens some page with a scanner. Now the question: is there any way to turn this window off? It's really annoying me ;/ opening a folder means opening a new tab in FF, and sometimes around 20 tabs open on me.
Lucas4034, commented 3 July 2008

Can you take a screenshot of that message? I have the impression it's yet another virus. Download Avira and scan the computer, then clean the registry. Failing that, we'll have some fun with logs.
michak (Author), commented 3 July 2008

Here you go: http://img79.imageshack.us/my.php?image=systemerroriw5.png
Lucas4034, commented 3 July 2008

Well, that is 100% not a Windows message. Some virus is generating it. Do you have a good antivirus (I recommend Avira) on the computer? Scan the system, preferably in safe mode. If it finds nothing, then we'll fight.
michak (Author), commented 4 July 2008

AntiVir found one piece of junk, but it didn't help. HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:32, on 2008-07-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CF9734.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlwin.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 1: (no name) - C:\tescior.html

--
End of file - 8687 bytes
CatchMe, commented 4 July 2008

Remove the entries below in HijackThis, and delete the bolded file manually from disk:

O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\[b]{0cace411-0c09-405c-956e-2bd0a5de8449}[/b]\zip.dll
Do you recognize it? If not, delete it.
O24 - Desktop Component 1: (no name) - C:\tescior.html

Where is the ComboFix log?
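The three entries singled out in the reply above can be found mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: it parses `<code> - <description>` log lines and applies three review rules modelled on that reply (the rule set and the names `parse_log`, `triage` and `SAMPLE_LOG` are assumptions made here). The sample is an excerpt of the log posted in the thread, and a hit means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis entry lines have the form "<code> - <description>", where the
# code is a section id such as R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str             # section id, e.g. "O2"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first COM class id in the entry, if any
    target: str           # last " - "-separated field (usually the file)


def parse_log(text: str) -> List[Entry]:
    """Return the registry/autostart entries; skip header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header line, running process, blank line, footer
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            target=body.rsplit(" - ", 1)[-1],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Flag entries for manual review.

    Assumption: these three rules mirror what the helper in the thread
    picked out; they are review prompts, not verdicts.
    """
    findings = []
    for e in entries:
        if e.code in ("O2", "O3") and e.target.endswith("(file missing)"):
            findings.append((e, "IE add-on still registered, file is gone"))
        elif e.code == "O21":
            findings.append((e, "DLL loaded by Explorer at logon (SSODL); "
                                "confirm the owner recognizes it"))
        elif e.code == "O24" and e.target.lower().endswith((".htm", ".html")):
            findings.append((e, "Active Desktop component showing a local "
                                "HTML file"))
    return findings


# Excerpt of the log posted in the thread (selection made for this example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O24 - Desktop Component 1: (no name) - C:\tescior.html
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4}{entry.target}\n    -> {reason}")
```
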
michak (Author), commented 5 July 2008

I don't see any files in that folder, but when I delete the whole folder it throws an error saying that some file cannot be deleted because it is in use.

"Do you recognize it? If not, delete it."

It's mine.

"Where is the ComboFix log?"

I have a problem with it: when I run it, Windows asks which program to open the file pv.cfexe with, and a Spyware Doctor window appears saying it has detected a trojan.
snip91, commented 5 July 2008

Kaspersky does that too. Turn off the antivirus and make the log.
Sean, commented 6 July 2008

DSS? :coto:

DSS ---> Deckard's System Scanner
Download: http://www.techsupportforum.com/sectools/Deckard/dss.exe

Regards
michak (Author), commented 8 July 2008

Deckard's System Scanner v20071014.68
Run by Michał on 2008-07-07 08:57:08

UP^^ <_<
Sean commented 8 July 2008
Create a system restore point; in safe mode, delete the file C:\WINDOWS\system32\xmlwin.dll
And fix these entries:
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlwin.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
Then post new HijackThis logs ... disable the antivirus and post those ComboFix logs.
michak (Author) commented 8 July 2008
In Windows safe mode, or what? Because it can't be deleted normally.
Sean commented 8 July 2008
I know it can't. Boot into safe mode and try to delete the file.
michak (Author) commented 8 July 2008
Thank you SO MUCH! I've finally got rid of that !@#$
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:13:18, on 2008-07-08
I can't open ComboFix, because Windows asks what to open the file pv.cfexe with.
Sean commented 8 July 2008
No problem, I proved something to myself as well. To be sure, scan the computer with the antivirus once more ...
Also delete this file in safe mode:
C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
and then fix the entry
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
This is the first time I've seen something like this <_< but overall it's clean.
michak (Author) commented 8 July 2008
OK, and with ComboFix, is it normal that explorer shuts down during the scan and the internet connection is lost?
snip91 commented 8 July 2008
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
FIX
O24 - Desktop Component 1: (no name) - C:\tescior.html
I found nothing about this on Google, so I don't know what to do.
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
And these are unnecessary files. You can FIX them, but you don't have to.
C:\Program Files\Megaupload Toolbar
This can be deleted.
michak (Author) commented 8 July 2008
"Also delete this file in safe mode: C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll"
I don't have that file.
"O24 - Desktop Component 1: (no name) - C:\tescior.html I found nothing about this on Google, so I don't know what to do."
I already wrote earlier, it's mine.
Sean commented 8 July 2008
Turn on the "show hidden files" option and see whether the thing shows up, and if not, just forget about it; Google hasn't heard of it either ... just run a full scan of the drives with the antivirus and tell me whether anything else was sitting there ... regards
snip91 commented 8 July 2008
"Google hasn't heard of it either"
I think it has, because my Google found something.
C:\WINDOWS\Installer
Delete the folder.
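The check the helpers do by eye above (fix the listed entries, then read the new log), as an added example that is not part of the original thread: it splits a HijackThis log that the forum has flattened onto one line and reports which entries marked for fixing are still present. The function names are hypothetical, and the sample strings are reassembled from entries quoted in the thread.

```python
import re

# A HijackThis entry opens with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
CODE = r"(?:[RFN][0-4]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?={CODE} - )")
ENTRY = re.compile(rf"({CODE}) - (.*)", re.S)


def split_entries(log_text):
    """Split a HijackThis log into (code, body) pairs, even when the forum
    software has flattened it so that entries run together on one line."""
    log_text = log_text.split("--End of file")[0]    # drop the log trailer
    entries = []
    for part in ENTRY_START.split(log_text):
        m = ENTRY.fullmatch(part.strip())
        if m:                                         # header text is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def target(body):
    """What the entry points at: the text after the last ' - ', case-folded."""
    return body.rsplit(" - ", 1)[-1].casefold()


def still_present(fix_list, new_log):
    """Entries from fix_list that the follow-up log still contains."""
    seen = {(code, target(body)) for code, body in split_entries(new_log)}
    return [(c, b) for c, b in split_entries(fix_list) if (c, target(b)) in seen]


# Entries marked for fixing, flattened as they appear in the thread.
FIX_LIST = (
    r"O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D}"
    r" - C:\WINDOWS\system32\xmlwin.dll"
    r"O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449}"
    r" - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll"
)

# Abridged follow-up log, reassembled from entries quoted in the thread.
NEW_LOG = (
    r"Boot mode: Normal"
    r"O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
    r" - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL"
    r'O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"'
    r"O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449}"
    r" - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll"
    r"O24 - Desktop Component 1: (no name) - C:\tescior.html"
    r"--End of file - 8637 bytes"
)

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, NEW_LOG):
        print("still present:", code, "-", body)
```

Matching is on the section code plus the file the entry points at, so an entry whose display label changes between scans is still recognised.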