

Maciekk_

Registered: 26 Jun 2008
OFFLINE Last active: 26 06 2008 20:04
-----

My posts

In topic: Logs - Attacked by Spyware

26 06 2008 - 19:04

I did everything you told me to, but I still have the problem with this notification about the software not being genuine.
Can this be removed somehow? Ever since I have had Windows XP, I have never had a case like this.

Attached image

This notice on the toolbar doesn't even bother me, but the one at computer startup is a bit annoying.
PS: the problem with the internet has gone away for now :P

In topic: Logs - Attacked by Spyware

26 06 2008 - 14:50

ComboFix 08-06-20.4 - Maciek 2008-06-26 14:44:32.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1497 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.

2008-06-26 11:27 . 2008-06-26 11:27	0	--a------	C:\WINNT\nsreg.dat
2008-06-26 06:43 . 2008-06-26 06:43	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-06-25 21:36 . 2008-06-14 20:01	273,024	---------	C:\WINNT\system32\drivers\bthport.sys
2008-06-25 21:36 . 2008-06-14 20:01	273,024	-----c---	C:\WINNT\system32\dllcache\bthport.sys
2008-06-25 21:33 . 2007-07-09 15:11	584,192	-----c---	C:\WINNT\system32\dllcache\rpcrt4.dll
2008-06-25 21:31 . 2008-05-08 14:28	202,752	-----c---	C:\WINNT\system32\dllcache\rmcast.sys
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\WINNT\system32\xircom
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-25 14:49 . 2008-06-25 14:49	15,544	--a------	C:\WINNT\system32\drivers\sbhr.sys
2008-06-25 14:09 . 2008-06-25 14:17	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBRC.dat
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBFC.dat
2008-06-25 13:00 . 2008-06-25 13:00	<DIR>	d--------	C:\Program Files\Sunbelt Software
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Program Files\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:17	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-25 12:41	141,312	--a------	C:\WINNT\system32\drivers\sp_rsdrv2.sys
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft
2008-06-25 11:11 . 2008-06-25 11:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-24 22:34 . 2008-06-25 15:15	90,838	--a------	C:\WINNT\system32\phc1c1j0eg03.bmp
2008-06-24 22:34 . 2008-06-25 15:15	60,928	--a------	C:\WINNT\system32\blphc1c1j0eg03.scr
2008-06-24 22:33 . 2008-06-24 22:33	54,156	--ah-----	C:\WINNT\QTFont.qfn
2008-06-24 22:33 . 2008-06-24 22:33	1,409	--a------	C:\WINNT\QTFont.for
2008-06-04 15:44 . 2008-06-04 15:44	<DIR>	d--------	C:\Soldat
2008-06-03 19:47 . 2008-06-03 19:47	<DIR>	d--------	C:\Program Files\Google
2008-06-02 21:32 . 2008-06-02 21:32	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools
2008-05-31 21:21 . 2008-05-31 21:21	0	-ra------	C:\logwmemory.bin
2008-05-31 21:19 . 2008-05-31 21:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Soldat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:57	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\AVG7
2008-06-25 09:10	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 16:01	---------	d-----w	C:\Documents and Settings\Beata.LESZEK-4025D4B0\Dane aplikacji\AVG7
2008-06-18 16:47	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2
2008-06-15 14:49	196,608	----a-w	C:\WINNT\system32\drivers\nStandard.bin
2008-05-24 07:44	43,520	----a-w	C:\WINNT\system32\CmdLineExt03.dll
2008-05-23 18:22	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-23 18:12	---------	d-----w	C:\Program Files\Sygate
2008-05-16 21:00	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\Winamp
2008-05-08 12:28	202,752	----a-w	C:\WINNT\system32\drivers\rmcast.sys
2008-05-07 05:03	1,291,776	----a-w	C:\WINNT\system32\quartz.dll
2008-04-21 06:58	669,184	----a-w	C:\WINNT\system32\wininet.dll
2008-04-13 17:28	98,304	----a-w	C:\WINNT\system32\qttask.exe
2008-04-12 11:09	9,309,344	----a-w	C:\winamp5531_full_emusic-7plus_sv-se.exe
2008-04-12 11:05	1,732,834	----a-w	C:\ALLPlayer_[www.instalki.pl].exe
2008-04-10 18:16	6,184,960	----a-w	C:\epson26382eu.exe
2008-04-10 18:10	24,754,048	----a-w	C:\AdbeRdr812_pl_PL.exe
2008-04-09 20:26	499,712	----a-w	C:\WINNT\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-06-26_ 9.54.38,35   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 07:32:55	2,048	--s-a-w	C:\WINNT\bootstat.dat
+ 2008-06-26 11:43:10	2,048	--s-a-w	C:\WINNT\bootstat.dat
- 2008-06-26 04:47:05	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
+ 2008-06-26 08:02:10	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
- 2007-04-10 12:02:50	1,476,992	------w	C:\WINNT\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36	1,480,232	----a-w	C:\WINNT\system32\LegitCheckControl.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 12:41 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Soldat\\Soldat.exe"=
"E:\\cs 1.6\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2008-06-25 14:49]
R1 EIO_XP;EIO_XP;C:\WINNT\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [2008-06-25 12:41]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb.sys [2007-10-23 17:48]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINNT\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys []
R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 axskbus;axskbus;C:\WINNT\system32\DRIVERS\axskbus.sys []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Maciek\USTAWI~1\Temp\cdrmkaun.sys []
S3 mamotou;mamotou;C:\WINNT\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:45:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-26 14:45:47
ComboFix-quarantined-files.txt  2008-06-26 12:45:40
ComboFix2.txt  2008-06-26 12:05:24
ComboFix3.txt  2008-06-26 10:09:36
ComboFix4.txt  2008-06-26 07:54:52

Pre-Run: 30,980,804,608 bajtów wolnych
Post-Run: 30,982,635,520 bajtów wolnych

131	--- E O F ---	2008-06-26 07:52:26

This is the code I got; the folder has been deleted, but those notifications have not gone away.