x-kom hosting

Windows XP annoying "system errors"

michak
created

Hi. Some time ago I caught some spyware !@#$ :angry: , but I downloaded an anti-spyware tool and removed everything. The problem is that while browsing folders on C: or opening some pages in IE, I get a system error whose text goes more or less like this: Dangerous trojans detected in your system. System files are at risk. This may cause deletion of files in C:\WINDOWS. Download protection software now. (I may have made mistakes translating it)

And under that two buttons: Yes, which when pressed downloads IE Security (or something similar), and No, which when pressed opens some page with a scanner.

And now the question: is there any way to turn this window off? It's really getting on my nerves ;/ opening a folder means opening a new tab in FF, and sometimes I get about 20 tabs opened :angry:

Lucas4034
comment

Can you make a screenshot of that message? Because I have a feeling it's another virus. Download Avira, scan the computer, then clean the registry. Otherwise it'll be a game of logs.

Lucas4034
comment

Well, that is not 100% a Windows message. Some virus is generating it. Do you have a good antivirus on the computer (I recommend Avira :) )? Scan the system, preferably in safe mode. If it finds nothing, we'll fight :)

michak
comment

I have AntiVir.

CatchMe
comment

Paste the logs from ComboFix and HijackThis.

michak
comment

AntiVir found one piece of junk, but it didn't help.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:32, on 2008-07-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CF9734.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlwin.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 1: (no name) - C:\tescior.html

--
End of file - 8687 bytes

CatchMe
comment

The entries below are to be deleted in HijackThis, and the bolded file manually from disk:

O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\[b]{0cace411-0c09-405c-956e-2bd0a5de8449}[/b]\zip.dll

Do you know this one? If not, delete it.

O24 - Desktop Component 1: (no name) - C:\tescior.html

Where is the ComboFix log?
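
An added example, not code from the thread: a small Python triage script that parses HijackThis-style lines and applies the three checks CatchMe made by eye on the log above (a registered file that no longer exists, an O21 SSODL DLL loaded from outside system32, and an O24 Active Desktop component the user should confirm is theirs). The sample lines are copied from the posted log; the `Entry`, `parse_log` and `triage` names and the heuristics are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six lines copied from the HijackThis log posted in the
# thread, with the line breaks the forum extraction had lost restored.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - tinox1.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 1: (no name) - C:\tescior.html
"""


@dataclass
class Entry:
    section: str   # "O2", "O21", "O24", ...
    kind: str      # "BHO", "SSODL", "Desktop Component 1", ...
    name: str
    clsid: str     # "" when the entry type carries none
    path: str      # "" when the entry type carries none


LINE_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Where Windows' own ShellServiceObjectDelayLoad DLLs live (assumption: XP layout).
SYSTEM_DIRS = (r"c:\windows\system32",)


def parse_line(line: str) -> Optional[Entry]:
    """Split one 'Oxx - Kind: name - {clsid} - path' line; None for header lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                      # R0/R1 lines carry no 'Kind:' prefix
        kind, rest = "", body
    parts = [p.strip() for p in rest.split(" - ")]
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), "")
    path = parts[-1] if len(parts) > 1 else ""
    return Entry(section, kind, parts[0], clsid, path)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, name, reason) for entries a helper would ask about."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if low.endswith("(file missing)"):
            # A registration whose DLL is gone: a dead remnant of an infection
            # or of a removed program; the registration itself can be fixed.
            findings.append((e.section, e.name, "registered file is missing"))
        elif e.section == "O21" and not low.startswith(SYSTEM_DIRS):
            # SSODL entries are loaded into Explorer at logon; a DLL sitting
            # under C:\WINDOWS\Installer\{GUID}\ is not where Windows keeps its own.
            findings.append((e.section, e.name, "SSODL DLL loaded from outside system32"))
        elif e.section == "O24":
            # An Active Desktop component renders an HTML file on the desktop;
            # the user has to confirm the source file is theirs.
            findings.append((e.section, e.name, "Active Desktop component, confirm the source"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:<4} {name!r}: {reason}")
```

Run on the full posted log the same three entries come out, which is exactly the list CatchMe gave.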

michak
comment

I don't see any files in that folder, but when I delete the whole folder it throws an error that some file can't be deleted because it's in use.

Do you know this one? If not, delete it.

That's mine :)

Where is the ComboFix log?

I have a problem with it: when I run it, Windows asks what it should open the file pv.cfexe with, and a Spyware Doctor window pops up saying it detected a trojan.

snip91
comment

Kaspersky does that too. Turn off the antivirus and make the log.

michak
comment

But what am I supposed to do about the Windows message?

CatchMe
comment

Then make a DSS log.

michak
comment

DSS? :coto:

michak
comment

Deckard's System Scanner v20071014.68
Run by Michał on 2008-07-07 08:57:08
Computer is in Normal Mode.

-- End of Deckard's System Scanner: finished at 2008-07-07 09:00:57 ------------

UP^^ <_<

Sean
comment

Create a system restore point :)

In safe mode delete the file

C:\WINDOWS\system32\xmlwin.dll

And Fix these entries

O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlwin.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll

Then post new HijackThis logs ... disable your antivirus and post the ComboFix logs
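The steps above (restore point, Safe Mode, remove the DLL, then fix the O2/O21 load points) written out as a cmd.exe script. This is an added example, not something anyone posted in the thread; it only reuses the paths and CLSIDs from the posted logs. The registry locations are the ones behind HijackThis's O2 and O21 lines (the Browser Helper Objects key and the ShellServiceObjectDelayLoad value, both visible in the DSS dump above). It deliberately does not run regsvr32 /u on the suspect DLLs, since that would execute their code; deleting the registration keys is enough. The wmic restore-point call is the usual XP one-liner and should be issued before rebooting into Safe Mode.

```batch
@echo off
rem Added example, not from the thread: the cleanup above as a cmd.exe script.
rem Run step 1 in normal mode, then reboot with F8 into Safe Mode for the rest.
rem Paths and CLSIDs are the ones from the posted logs; nothing here executes
rem or unregisters the suspect DLLs (regsvr32 /u would run their code).

set BHO_CLSID={B1892F58-1116-4DEC-92AA-577872EC3D3D}
set SSODL_CLSID={0cace411-0c09-405c-956e-2bd0a5de8449}
set BHO_DLL=C:\WINDOWS\system32\xmlwin.dll
set SSODL_DLL=C:\WINDOWS\Installer\%SSODL_CLSID%\zip.dll

rem 1. Restore point first (usual XP wmic one-liner; do this before rebooting,
rem    System Restore does not create points while in Safe Mode).
wmic /namespace:\\root\default path SystemRestore call CreateRestorePoint "before BHO cleanup", 100, 7

rem 2. Remove the load points HijackThis reports as O2 and O21 ...
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%BHO_CLSID%" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v zip /f
rem    ... and the CLSID registrations that map those GUIDs to the DLLs.
reg delete "HKCR\CLSID\%BHO_CLSID%" /f
reg delete "HKCR\CLSID\%SSODL_CLSID%" /f

rem 3. Delete the files. A DLL that is still mapped cannot be deleted but can
rem    be renamed, so if del fails, park it under a new name and delete it
rem    after the reboot (keeping the sample also lets you send it to the AV vendor).
for %%F in ("%BHO_DLL%" "%SSODL_DLL%") do (
    attrib -r -s -h %%F
    del /f /q %%F
    if exist %%F ren %%F %%~nxF.quarantined
)

rem 4. Verify: both queries should now report that the key or value was not found.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%BHO_CLSID%"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v zip
```

Order matters: the registry entries go first so that explorer.exe and iexplore.exe stop loading the DLLs at the next start, and only then are the files removed. Afterwards a fresh HijackThis log should no longer list the O2 and O21 lines, which is the check Sean asks for.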

michak
comment

In Windows safe mode or what? Because normally it can't be deleted.

Sean
comment

I know it can't ;) boot into safe mode and try to get rid of the file

michak
comment

THANK YOU SO MUCH! I've finally got rid of that !@#$ :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:18, on 2008-07-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 1: (no name) - C:\tescior.html

--
End of file - 8637 bytes

I can't open ComboFix because Windows asks what to open the pv.cfexe file with
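What Sean did with the two logs by eye can be written down as rules: a BHO whose display name borrows a known product's name but points at an unrelated DLL in system32, and a ShellServiceObjectDelayLoad entry whose DLL lives in the C:\WINDOWS\Installer cache. The script below is an added example, not part of the thread; it parses O2/O21/O24 lines in HijackThis's own line format and flags them by those rules. The sample lines are copied from the logs posted above (so it reproduces the fact that zip.dll survives into the second log), except for one constructed WebCheck line added to show a stock entry passing. The allowlist of stock XP SSODL names and the expected Spybot-S&D file name SDHelper.dll are assumptions encoded here for illustration.

```python
"""Flag suspicious HijackThis O2 / O21 / O24 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Assumption: names of the Shell Service Objects a stock Windows XP ships with.
# Anything else under ShellServiceObjectDelayLoad is loaded into explorer.exe
# at every logon and deserves a look.
STOCK_XP_SSODL = {"postbootreminder", "cdburn", "webcheck", "systray"}

# Assumption: the DLL a genuine BHO of that product registers. The thread's
# malware called itself "Spybot-S&D IE Protection" but lived in xmlwin.dll.
EXPECTED_BHO_FILE = {"spybot": "sdhelper.dll"}

LINE_RE = re.compile(
    r"^(?P<kind>O2|O21|O24) - (?:BHO|SSODL|Desktop Component \d+): "
    r"(?P<name>.*?) - (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<path>.+?)\s*$"
)

# Sample input: lines copied from the two logs in this thread, plus one
# constructed stock WebCheck line to show the allowlist letting it through.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlwin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O24 - Desktop Component 1: (no name) - C:\tescior.html
"""


@dataclass
class Finding:
    kind: str
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Return a Finding for one HJT line, or None if it is unparsable or benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, name, path = m["kind"], m["name"], m["path"]
    clsid = m["clsid"] or ""
    lower = path.lower()
    fname = lower.rsplit("\\", 1)[-1]
    f = Finding(kind, name, clsid, path)

    if kind == "O2":
        # Name spoofing: the display name claims a product whose real BHO is a different file.
        for product, real_file in EXPECTED_BHO_FILE.items():
            if product in name.lower() and fname != real_file:
                f.reasons.append(f"claims to be {product} but loads {fname}, expected {real_file}")
    elif kind == "O21":
        if name.lower() not in STOCK_XP_SSODL:
            f.reasons.append("non-stock ShellServiceObjectDelayLoad entry (runs inside explorer.exe at logon)")
        if "\\windows\\installer\\" in lower:
            f.reasons.append("DLL sits in the MSI cache directory; no legitimate shell object loads from there")
    elif kind == "O24" and fname.endswith((".htm", ".html")):
        # Active Desktop HTML may carry script; only the owner can say whether it is theirs.
        f.reasons.append("Active Desktop HTML component; confirm the file is yours")

    return f if f.reasons else None


def triage(log_text):
    """Run triage_line over a whole log and return the flagged entries in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind} {finding.name!r} -> {finding.path}")
        for reason in finding.reasons:
            print("   -", reason)
```

On the sample it flags exactly three lines: the fake Spybot BHO, the zip SSODL entry (two reasons), and the tescior.html desktop component, which michak later confirms is his own. Everything from Adobe, Java and the stock WebCheck object passes.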

Sean
comment

;) no problem, I also proved something to myself :P to be sure, scan the computer with the antivirus once more ...

Also delete this file in safe mode:

C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll

and then Fix the entry

O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll

First time I've seen something like this <_< but overall it's clean

michak
comment

Ok, and with ComboFix, is it normal that explorer closes during the scan and you lose the internet connection? :o

snip91
comment
O21 - SSODL: zip - {0cace411-0c09-405c-956e-2bd0a5de8449} - C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll

FIX

O24 - Desktop Component 1: (no name) - C:\tescior.html

I found nothing about this on Google, so I don't know what to do.

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

And these are unnecessary files. You can Fix them, but you don't have to.

C:\Program Files\Megaupload Toolbar

Can be removed.

michak
comment
Also delete this file in safe mode:

CODE

C:\WINDOWS\Installer\{0cace411-0c09-405c-956e-2bd0a5de8449}\zip.dll

I don't have this file.

CODE

O24 - Desktop Component 1: (no name) - C:\tescior.html

I found nothing about this on Google, so I don't know what to do.

I already wrote earlier, that one's mine :)

Sean
comment

enable the "show hidden files" option and see whether the bugger shows up ;) and if not, just ignore it :P google hasn't heard of it either ... just run a full scan of the disks with the antivirus and tell us whether anything else was still sitting there ... regards

snip91
comment
google hasn't heard of it either

Seems to me it has, because my google did find something :P

C:\WINDOWS\Installer

Delete the directory
