Hello! I have the problem described in the topic title. The cleaner's page keeps opening on its own. I do not let it install, but how can I block this page? Please check the logs from HijackThis and ComboFix (maybe the cleaner is already installed after all?).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:19, on 2008-07-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [HotkeyApp] “C:\Program Files\Launch Manager\HotkeyApp.exe”
O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [osCheck] “c:\Program Files\Norton Internet Security\osCheck.exe”
O4 - HKLM…\Run: [recinfo91] c:\RecInfo\RecInfo.exe
O4 - HKLM…\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM…\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM…\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [MSServer] rundll32.exe C:\Users\admin\AppData\Local\Temp\tuvUMcax.dll,#1
O4 - HKCU…\Run: [MSSMSGS] rundll32.exe winouw32.rom,LNiRun
O4 - HKCU…\Run: [cmds] rundll32.exe C:\Users\admin\AppData\Local\Temp\ljJBtqQh.dll,c
O4 - HKCU…\Run: [3a1bbb3a] rundll32.exe “C:\Users\admin\AppData\Local\Temp\efbcibcr.dll”,b
O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 6592 bytes
And now ComboFix
ComboFix 08-07-04.1 - admin 2008-07-04 21:27:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.223 [GMT 2:00]
Running from: D:\instalki\ochrona komputera\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
2008-07-04 21:16 . 2008-07-04 21:16
2008-07-01 15:14 . 2008-07-01 15:14
2008-06-29 15:25 . 2008-06-29 15:26
2008-06-29 13:01 . 2008-06-29 13:01
2008-06-29 13:01 . 2008-06-29 13:01
2008-06-28 14:49 . 2008-06-28 14:49
2008-06-26 09:17 . 2008-06-26 09:17 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-06-26 09:17 . 2008-06-26 09:17 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-06-26 09:17 . 2008-06-26 09:17 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-06-26 09:17 . 2008-06-26 09:17 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-06-26 09:14 . 2008-06-26 09:14 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-06-26 09:12 . 2008-06-26 09:12 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-26 09:12 . 2008-06-26 09:12 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-26 09:12 . 2008-06-26 09:12 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-26 09:12 . 2008-06-26 09:12 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-26 09:11 . 2008-06-26 09:11 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-26 09:11 . 2008-06-26 09:11 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-26 09:11 . 2008-06-26 09:11 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-26 09:11 . 2008-06-26 09:11 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-26 09:10 . 2008-06-26 09:10 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-26 09:10 . 2008-06-26 09:10 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-26 09:09 . 2008-06-26 09:09 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-26 09:09 . 2008-06-26 09:09 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-26 09:09 . 2008-06-26 09:09 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-26 09:09 . 2008-06-26 09:09 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-26 09:09 . 2008-06-26 09:09 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-26 09:09 . 2008-06-26 09:09 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-26 09:09 . 2008-06-26 09:09 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-26 09:07 . 2008-06-26 09:07 826,368 --a------ C:\Windows\System32\wininet.dll
2008-06-26 09:05 . 2008-06-26 09:05 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-24 07:33 . 2008-06-24 07:33 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-24 07:33 . 2008-06-24 07:33 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-24 07:33 . 2008-06-24 07:33 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-24 07:33 . 2008-06-24 07:33 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-24 07:33 . 2008-06-24 07:33 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-24 07:33 . 2008-06-24 07:33 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-24 07:33 . 2008-06-24 07:33 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-24 07:33 . 2008-06-24 07:33 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-24 07:33 . 2008-06-24 07:33 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-06-24 00:54 . 2008-06-24 00:54
2008-06-24 00:50 . 2008-06-24 00:50
2008-06-24 00:47 . 2008-06-24 00:52
2008-06-24 00:47 . 2008-06-24 00:47
2008-06-23 21:57 . 2005-11-10 12:54 402,944 --a------ C:\Windows\System32\drivers\BLKWGU.sys
2008-06-23 21:48 . 2008-06-23 21:48
2008-06-23 21:47 . 2008-06-23 21:47
2008-06-23 21:40 . 2008-06-23 21:40
2008-06-23 21:40 . 2008-07-02 16:32
2008-06-23 21:39 . 2008-06-23 21:40
2008-06-23 21:39 . 2008-06-23 21:42
2008-06-23 21:39 . 2008-06-26 16:55
2008-06-23 21:39 . 2008-06-23 21:40
2008-06-23 21:39 . 2008-06-23 21:40
2008-06-23 21:39 . 2008-06-23 21:40
2008-06-23 21:39 . 2008-06-29 13:01
2008-06-23 21:39 . 2008-06-23 21:40
2008-06-23 21:39 . 2008-06-24 00:47
2008-06-23 21:35 . 2008-06-23 21:35
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-26 07:22 --------- d-----w C:\Program Files\Windows Mail
2008-06-26 07:13 944,184 ----a-w C:\Windows\System32\winload.exe
2008-06-26 07:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-26 07:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-26 07:10 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-26 07:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-26 07:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 07:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-26 07:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-26 07:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-23 22:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-23 22:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 22:32 --------- d-----w C:\ProgramData\Symantec
2008-06-23 22:31 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-23 22:31 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-23 22:31 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-23 22:31 --------- d-----w C:\Program Files\Symantec
2008-06-23 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Ulubione
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Szablony
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Pulpit
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Menu Start
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Dokumenty
2008-06-23 19:35 --------- d-sh--w C:\ProgramData\Dane aplikacji
2007-12-13 15:22 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-06-26 09:11 1232896]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]
“cmds”=“C:\Users\admin\AppData\Local\Temp\ljJBtqQh.dll” [2008-06-29 15:05 284672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“C:\Windows\system32\igfxtray.exe” [2007-06-06 11:52 142104]
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe” [2007-06-06 11:52 154392]
“Persistence”=“C:\Windows\system32\igfxpers.exe” [2007-06-06 11:52 138008]
“HotkeyApp”=“C:\Program Files\Launch Manager\HotkeyApp.exe” [2007-07-26 15:56 192512]
“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-08-17 14:40 102400]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-02-26 21:46 153136]
“ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2006-10-25 01:08 107112]
“osCheck”=“c:\Program Files\Norton Internet Security\osCheck.exe” [2006-10-27 02:18 22696]
“recinfo91”=“c:\RecInfo\RecInfo.exe” [2007-06-06 13:33 2768896]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-07-06 11:06 4669440 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UacDisableNotify”=dword:00000001
“InternetSettingsDisableNotify”=dword:00000001
“AutoUpdateDisableNotify”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
“EnableFirewall”= 0 (0x0)
“DisabledInterfaces”= {FE69FB1E-3177-4F30-AA93-F6C4388936B0}
R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-06-03 17:55]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 11:52]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 10:51]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 15:40]
R3 WisLMSvc;WisLMSvc;“C:\Program Files\Launch Manager\WisLMSvc.exe” [2006-11-17 21:45]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cb14cdfe-45f4-11dd-a3bd-0016d38cc182}]
\shell\AutoRun\command - op.bat
\shell\explore\Command - op.bat
\shell\open\Command - op.bat
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the ‘Scheduled Tasks’ folder
“2008-06-23 22:35:26 C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - admin.job”
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
HKCU-Run-MSSMSGS - winouw32.rom
HKLM-Run-CtrlVol - C:\Program Files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - C:\Program Files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - C:\Program Files\Launch Manager\WButton.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 21:31:50
Windows 6.0.6000 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe???H?.???.??2.???,w???0???<???|???&w?!*w???3 ,w!?,w???.???.???F?L???~z?u??.???.???+?A???.???J?A???#???F?$l@?`??? A?/?s???J?A?[?@???.??v@???.???#???@???.???
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe???H?.???.??2.???,w???0???<???|???&w?!*w???3 ,w!?,w???.???.???F?L???~z?u??.???.???+?A???.???J?A???#???F?$l@?`??? A?/?s???J?A?[?@???.??v@???.???#???@???.???
Wbutton = C:\Program Files\Launch Manager\WButton.exe???H?.???.??2.???,w???0???<???|???&w?!*w???3 ,w!?,w???.???.???F?L???~z?u??.???.???+?A???.???J?A???#???F?$l@?`??? A?/?s???J?A?[?@???.??v@???.???#???@???.???
scanning hidden files …
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Users\admin\AppData\Local\Temp\ljJBtqQh.dll
.
Completion time: 2008-07-04 21:34:09
ComboFix-quarantined-files.txt 2008-07-04 19:33:01
Pre-Run: 48,052,731,904 bajtów wolnych
Post-Run: 47,974,313,984 bajtów wolnych
188 --- E O F --- 2008-06-26 09:38:22