Lich.exe - trojan i dziwne zachowanie komputera

crew1 · 26 Grudzień 2007 15:55

Witam,

od wczoraj/dzisiaj drugi komp nie działa jak trzeba.

Przy starcie systemu pojawia się komunikat nod32, że na dysku c:\ jest trojan lich.exe i z poziomu noda nie da się go skasować,

ale ręcznie już tak.

Załączam log z Hijacka, jeśli coś jeszcze potrzeba - proszę o info, bo bardzo dawno nie zamieszczałem logów

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:48:58, on 2007-12-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\dmremote.exe C:\WINDOWS\System32\dmadmin.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łšcza O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: ZZZsvc_lich - Unknown owner - C:\lich.exe (file missing) – End of file - 3748 bytes

arekmalek · 26 Grudzień 2007 16:01

Automat:

Użyj w trybie awaryjnym SDFix

lazikar · 26 Grudzień 2007 16:19

Posty wprowadzające w błąd i cała dyskusja kosz

crew1 · 26 Grudzień 2007 16:21

SDFix: Version 1.119 Run by Administrator on 2007-12-26 at 17:09 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: ZZZsvc_lich Path: C:\lich.exe ZZZsvc_lich - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\lich.dat - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 17:16:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 120” “h0”=dword:00000001 “ujdew”=hex:22,a1,f4,ef,83,23,41,59,76,67,15,b3,ed,ef,33,ea,b2,1b,a5,4c,f6,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:a2,6b,49,21,69,6b,fe,5c,23,e5,3e,65,7d,d6,25,76,65,3f,ff,c4,77,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,7b,c6,7c,d8,f0,d2,58,91,b7,89,e1,2b,9d,c4,31,b3,ad,… “khjeh”=hex:2c,73,d2,4d,a3,18,62,f5,c8,82,4a,9f,8f,2c,1a,4f,8b,bc,96,32,06,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:51,33,d0,c1,c9,11,95,36,ba,2b,c9,22,bc,a5,eb,08,e7,7b,da,fc,1d,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 120” “h0”=dword:00000001 “ujdew”=hex:23,6a,95,18,02,8c,3f,29,dd,80,15,70,19,36,3e,00,83,7a,af,5d,3c,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:a2,6b,49,21,69,6b,fe,5c,23,e5,3e,65,7d,d6,25,76,65,3f,ff,c4,77,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,7b,c6,7c,d8,f0,d2,58,91,b7,89,e1,2b,9d,c4,31,b3,ad,… “khjeh”=hex:2c,73,d2,4d,a3,18,62,f5,c8,82,4a,9f,8f,2c,1a,4f,8b,bc,96,32,06,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:64,68,cd,92,48,f5,1a,a1,43,fe,dd,ef,e2,87,f5,6b,f8,26,6f,ad,59,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:2df9c43f “s2”=dword:110480d0 “h0”=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 120” “h0”=dword:00000001 “ujdew”=hex:43,49,73,ca,f4,d4,1b,3d,4f,68,10,fe,ee,e1,05,1d,40,0c,5b,ad,95,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:a2,6b,49,21,69,6b,fe,5c,23,e5,3e,65,7d,d6,25,76,65,3f,ff,c4,77,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,7b,c6,7c,d8,f0,d2,58,91,b7,89,e1,2b,9d,c4,31,b3,ad,… “khjeh”=hex:2c,73,d2,4d,a3,18,62,f5,c8,82,4a,9f,8f,2c,1a,4f,8b,bc,96,32,06,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:05,0f,30,33,03,ea,1a,8a,08,38,cd,b2,cc,4e,72,eb,e9,4f,f5,7b,e2,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 120” “h0”=dword:00000001 “ujdew”=hex:43,49,73,ca,f4,d4,1b,3d,4f,68,10,fe,ee,e1,05,1d,40,0c,5b,ad,95,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:a2,6b,49,21,69,6b,fe,5c,23,e5,3e,65,7d,d6,25,76,65,3f,ff,c4,77,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,7b,c6,7c,d8,f0,d2,58,91,b7,89,e1,2b,9d,c4,31,b3,ad,… “khjeh”=hex:2c,73,d2,4d,a3,18,62,f5,c8,82,4a,9f,8f,2c,1a,4f,8b,bc,96,32,06,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:05,0f,30,33,03,ea,1a,8a,08,38,cd,b2,cc,4e,72,eb,e9,4f,f5,7b,e2,… scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,42,05,00,00,01,00,00,00,0a,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “C:\Program Files\Ares\Ares.exe”=“C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows” “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny” “C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” “D:\! Lekoman !\! programy !\totalcmd\TOTALCMD.EXE”=“D:\! Lekoman !\! programy !\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 22 Oct 2007 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Mon 22 Oct 2007 401 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv10.bak” Finished!

arekmalek · 26 Grudzień 2007 16:23

Teraz daj log z Combofix

crew1 · 26 Grudzień 2007 16:33

Combofix:

ComboFix 07-12-21.4 - Czarodziej 2007-12-26 17:24:46.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1644 [GMT 1:00] Running from: C:\Documents and Settings\Czarodziej\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Pulpit\nocreditcard.lnk C:\Program Files\instant access C:\Program Files\instant access\Center\NoCreditCard.lnk C:\Program Files\instant access\DesktopIcons\NoCreditCard.lnk C:\Program Files\instant access\Multi\20071207001255\Common\module.php C:\Program Files\instant access\Multi\20071207001255\dialerexe.ini C:\Program Files\instant access\Multi\20071207001255\instant access.exe C:\Program Files\instant access\Multi\20071207001255\js\js_api_dialer.php C:\Program Files\instant access\Multi\20071207001255\medias\button1.gif C:\Program Files\instant access\Multi\20071207001255\medias\button2.gif C:\Program Files\instant access\Multi\20071207001255\medias\button3.gif C:\Program Files\instant access\Multi\20071207001255\medias\button4.gif C:\Program Files\instant access\Multi\20071207001255\medias\dialer.ico C:\WINDOWS\dialerexe.ini . ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))) . 2007-12-26 17:09 . 2007-12-26 17:09 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 17:08 . 2007-10-05 06:31 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 17:08 . 2007-10-05 08:24 2007-12-26 16:49 . 2007-12-26 16:49 106 --a------ C:\WINDOWS\wcx_ftp.ini 2007-12-26 16:48 . 2007-12-26 16:48 2007-12-25 13:41 . 2007-12-25 13:41 2007-12-25 13:41 . 2007-12-25 13:41 2007-12-25 13:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-12-25 13:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-12-25 13:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax 2007-12-25 13:40 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-12-24 12:05 . 2007-12-24 12:05 2007-12-24 12:05 . 2007-12-24 13:07 2007-12-24 12:05 . 2007-12-24 12:05 2007-12-23 18:59 . 2007-12-23 18:59 2007-12-07 19:52 . 2007-12-07 20:59 2007-12-07 00:53 . 2007-12-07 00:53 156,920 --a------ C:\WINDOWS\system32\nsinet.exe 2007-12-06 07:04 . 2007-12-06 07:04 2007-12-04 18:05 . 2007-12-04 18:05 2007-12-04 18:05 . 2007-12-04 22:14 2007-12-03 19:00 . 2007-12-03 19:00 2007-12-03 19:00 . 2007-12-03 19:00 2007-12-03 07:13 . 2007-12-03 07:13 2007-12-03 07:13 . 2007-12-03 07:13 2007-12-03 00:40 . 2007-12-03 00:40 2007-12-03 00:40 . 2007-12-03 00:40 2007-12-03 00:40 . 2007-12-03 00:40 2007-12-03 00:40 . 2007-12-03 00:40 2007-11-27 18:22 . 2007-11-27 18:22 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-24 11:05 --------- d-----w C:\Program Files\Winamp 2007-11-29 13:33 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\Nokia Multimedia Player 2007-11-25 15:46 --------- d-----w C:\Program Files\directx 2007-11-25 15:46 --------- d-----w C:\Program Files\Davilex 2007-11-25 15:27 --------- d-----w C:\Program Files\Techland 2007-11-25 15:27 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-22 19:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-22 18:56 --------- d-----w C:\Program Files\THQ 2007-11-21 15:44 --------- d-----w C:\Program Files\Foxit Software 2007-11-13 21:57 --------- d-----w C:\Documents and Settings\Czarodziej\Dane aplikacji\Skype 2007-11-12 16:39 --------- d-----w C:\Program Files\Skype 2007-11-12 16:39 --------- d-----w C:\Program Files\Common Files\Skype 2007-11-12 16:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-11 11:24 --------- d-----w C:\Program Files\Opera 2007-11-03 19:49 --------- d-----w C:\Program Files\City Interactive 2007-10-30 13:44 --------- d-----w C:\Documents and Settings\Gość\Dane aplikacji\PC Suite 2007-10-30 06:28 --------- d-----w C:\Documents and Settings\Czarodziej\Dane aplikacji\PC Suite 2007-10-27 22:36 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\Media Player Classic 2007-10-27 21:36 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\Ahead 2007-10-27 20:35 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\Ulead Systems 2007-10-27 20:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2007-10-27 20:13 --------- d-----w C:\Program Files\Windows Media Components 2007-10-27 20:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2007-10-27 20:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield 2007-10-27 20:12 --------- d-----w C:\Program Files\Ulead Systems 2007-10-27 20:11 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-27 20:04 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\Nokia 2007-10-27 20:00 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\DataLayer 2007-10-27 19:49 --------- d-----w C:\Program Files\Nokia 2007-10-27 19:49 --------- d-----w C:\Program Files\DIFX 2007-10-27 19:49 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-10-27 19:49 --------- d-----w C:\Program Files\Common Files\Nokia 2007-10-27 19:49 --------- d-----w C:\Documents and Settings\Sasza\Dane aplikacji\PC Suite 2007-10-27 19:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2007-10-27 19:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations 2007-10-05 06:50 298,104 ----a-w C:\WINDOWS\system32\imon.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “C6501Sound”=“RunDll32 c6501.cpl” [] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-10-05 07:50] “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe” [2004-09-28 19:26] “PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe” [2006-06-15 11:36] “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [2006-02-08 15:40] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [] R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 10:04] *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 17:25:39 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 17:25:53

Wszystko działa jak trzeba, bardzo dziękuję za pomoc :piwo: :piwko:

Gutek · 27 Grudzień 2007 00:42

Skan AVG Anti-Spyware 7.5 po update

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools