IE sie nie chce włączyć po aktualizacji automatycznej


(Mateusz12g) #1

Jak w temacie. Ściągnąłem też nową wersję ale po instalacji dalej to samo. Czyscilem ccleanerem i adaware. Znaleziono wirusa win32.worm.wukill który byl w zdjeciach. Troche to dziwne. Mam nie towierac tych zdjec??

hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:49:05, on 2009-06-12

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Onet\Flircik\Flircik.exe

C:\Program Files\Pasek TVN24\tvn-ustawienia.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dumprep.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes

O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\IE-REDIST.EXE /passive /ieak-full:C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\IEAKCopy946

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.adax.pl/witamy

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://hstv.pl/divx/browser.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--

End of file - 5969 bytes

(96jasio96) #2

:arrow: Sfiksuj w HijackThis

:arrow: Daj log z ComboFix


(Mateusz12g) #3

Dzięki wielkie po usunięciu tych wpisów IE działa juz :). Nie instalowalem konsoli odzyskiwania bo nie mam dostepu do neta na skanowanym komputerze.

Logi

Hijack (na wszelki wypadek)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:07, on 2009-06-12

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.adax.pl/witamy

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://hstv.pl/divx/browser.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--

End of file - 5194 bytes

Combofix:

ComboFix 09-06-11.06 - Właściciel 2009-06-12 19:09.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1651 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\program files\Microsoft Common

c:\program files\myglobalsearch

c:\program files\Program Files.exe

c:\windows\MShelp.EXE

C:\WINFILE.EXE

I:\WINFILE.EXE

C:\comment.htt

C:\desktop.ini

c:\program files\myglobalsearch\bar\History\search

I:\comment.htt

I:\desktop.ini


.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-12 do 2009-06-12 )))))))))))))))))))))))))))))))

.


2009-06-12 16:24 . 2009-06-12 16:25	--------	dc-h--w-	c:\windows\ie8

2009-06-12 16:24 . 2008-04-14 16:20	21504	-c--a-w-	c:\windows\system32\dllcache\hidserv.dll

2009-06-12 16:24 . 2008-04-14 16:20	21504	----a-w-	c:\windows\system32\hidserv.dll

2009-06-12 16:24 . 2008-04-14 15:20	14720	-c--a-w-	c:\windows\system32\dllcache\kbdhid.sys

2009-06-12 16:24 . 2008-04-14 15:20	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys

2009-06-12 12:48 . 2009-06-12 12:48	--------	d-----w-	c:\program files\Trend Micro

2009-06-12 12:28 . 2009-06-12 16:26	--------	d--h--w-	c:\windows\msdownld.tmp

2009-06-12 12:28 . 2009-06-12 12:29	--------	d-----w-	c:\program files\Google

2009-06-12 12:27 . 2009-06-12 12:27	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache

2009-06-12 12:13 . 2009-01-18 21:35	15688	----a-w-	c:\windows\system32\lsdelete.exe

2009-06-12 12:12 . 2009-06-12 12:12	--------	d-----w-	c:\documents and settings\LocalService\Pulpit

2009-06-12 12:10 . 2009-06-12 12:10	--------	dc----w-	c:\windows\system32\DRVSTORE

2009-06-12 12:10 . 2009-01-18 21:30	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys

2009-06-12 12:10 . 2009-06-12 12:10	--------	dc-h--w-	c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-06-12 12:10 . 2009-01-18 21:43	2892112	-c--a-w-	c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

2009-06-12 12:09 . 2009-06-12 12:10	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Lavasoft

2009-06-12 12:09 . 2009-06-12 12:09	--------	d-----w-	c:\program files\Lavasoft

2009-06-12 12:05 . 2009-06-12 12:05	--------	d-----w-	c:\program files\CCleaner

2009-06-12 06:32 . 2009-04-30 21:17	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll

2009-06-12 06:32 . 2009-04-30 21:17	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll

2009-06-12 06:32 . 2009-06-12 12:25	--------	d-----w-	c:\windows\ie8updates

2009-06-12 06:32 . 2009-05-12 05:11	102912	-c----w-	c:\windows\system32\dllcache\iecompat.dll

2009-05-17 12:54 . 2009-05-17 12:54	410984	----a-w-	c:\windows\system32\deploytk.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-12 12:17 . 2008-04-12 13:26	--------	d-----w-	c:\program files\BearShare

2009-05-30 14:04 . 2008-04-17 21:43	--------	d-----w-	c:\program files\neostrada tp

2009-05-20 07:15 . 2009-05-20 07:15	33	----a-w-	c:\windows\system32\drivers\adidsl.cfg

2009-05-20 07:15 . 2008-03-20 09:40	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-05-20 07:15 . 2009-05-20 07:15	--------	d-----w-	c:\program files\SAGEM

2009-05-17 12:54 . 2008-04-14 06:28	--------	d-----w-	c:\program files\Java

2009-05-12 07:38 . 2009-05-12 07:37	--------	d-----w-	c:\program files\Axesstel

2009-05-12 06:37 . 2009-05-12 06:25	--------	d-----w-	c:\program files\Common Files\France Telecom

2009-05-12 06:26 . 2009-05-12 06:26	--------	d-----w-	c:\program files\OrangeBS

2009-05-07 15:34 . 2008-03-20 10:14	347648	----a-w-	c:\windows\system32\localspl.dll

2009-04-19 19:51 . 2008-03-20 10:14	1847424	----a-w-	c:\windows\system32\win32k.sys

2009-04-16 06:07 . 2008-03-20 10:14	77464	----a-w-	c:\windows\system32\perfc015.dat

2009-04-16 06:07 . 2008-03-20 10:14	457526	----a-w-	c:\windows\system32\perfh015.dat

2009-04-15 14:54 . 2008-03-20 10:14	585216	----a-w-	c:\windows\system32\rpcrt4.dll

2009-03-26 07:34 . 2008-03-20 09:25	76487	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-02-25 04:34 . 2009-05-12 07:38	90112	----a-r-	c:\program files\axesstel.dll

2009-02-25 04:34 . 2009-05-12 07:38	118784	----a-r-	c:\program files\MSP_Uninstall.exe

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Flircik"="c:\program files\Onet\Flircik\Flircik.exe" [2007-07-11 1253376]

"Twoje TVN24"="c:\program files\Pasek TVN24\tvn-ustawienia.exe" [2008-11-06 2744936]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-17 148888]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Axesstel\\AxessManager\\AxessManager.exe"=


R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-12 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-05-20 64000]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-05-20 116992]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-05-12 99840]

.

Zawartość folderu 'Zaplanowane zadania'


2009-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.com/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - 

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-12 19:10

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

Czas ukończenia: 2009-06-12 19:11

ComboFix-quarantined-files.txt 2009-06-12 17:11


Przed: 24 761 716 736 bajtów wolnych

Po: 25 220 100 096 bajtów wolnych


129	--- E O F ---	2009-06-12 06:32

[/code]