I have a problem: after starting the computer I get a warning from Avast that rootkit software was found. Please help.
Logs from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:09, on 2009-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GIGABYTE\VGA Utility\Utility.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Magazyn chroniony ProtectedStorageSSDPSRV (ProtectedStorageSSDPSRV) - Unknown owner - C:\WINDOWS\system32\advpackm.exe
--
End of file - 8227 bytes
From ComboFix:
ComboFix 09-05-15.06 - Administrator 2009-05-16 19:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.408 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\advpackm.exe
c:\windows\system32\digiwet.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_protectedstoragessdpsrv
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_ProtectedStorageSSDPSRV
-------\Service_ws2_32sik
((((((((((((((((((((((((( Pliki utworzone od 2009-04-16 do 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\system32\oobe
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\srchasst
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\system32\xircom
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\msagent
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\program files\microsoft frontpage
2009-05-15 18:06 . 2009-05-15 18:06 -------- d-sh--w C:\found.000
2009-05-15 11:57 . 2009-05-15 11:57 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Xfire
2009-05-15 11:57 . 2009-05-15 11:57 -------- d-s---w c:\program files\Xfire
2009-05-15 11:57 . 2009-05-15 11:57 271360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-05-15 11:57 . 2009-05-15 11:57 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-05-14 15:14 . 2009-05-16 17:24 104000 ----a-w c:\windows\system32\drivers\c1183fb0.sys
2009-05-14 14:42 . 2009-05-14 15:14 100 --s-a-w c:\windows\system32\3625051505.dat
2009-05-13 18:57 . 2009-05-13 18:57 -------- d--h--r c:\documents and settings\Administrator\Dane aplikacji\SecuROM
2009-05-13 18:57 . 2009-05-13 18:57 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-13 18:57 . 2009-05-13 18:57 -------- d-----w c:\program files\EA SPORTS
2009-05-13 12:33 . 2009-05-13 12:33 -------- d-----w c:\windows\Sun
2009-05-08 19:50 . 2009-05-08 19:50 -------- d-----w c:\program files\Demo 3D Garden Composer
2009-05-07 13:19 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-07 13:18 . 2009-05-07 13:19 -------- d-----w c:\windows\SHELLNEW
2009-05-07 13:18 . 2009-05-07 13:18 -------- d-----w c:\program files\Microsoft.NET
2009-05-05 14:24 . 2009-05-05 14:24 -------- d-----w c:\documents and settings\Administrator\.gstreamer-0.10
2009-05-05 14:23 . 2009-05-05 14:23 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\OpenFM
2009-05-03 11:04 . 2009-05-03 11:04 -------- d-----w c:\program files\Alwil Software
2009-05-03 10:56 . 2009-05-03 12:08 3396 ----a-w c:\windows\unins000.dat
2009-05-02 19:28 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-05-02 07:43 . 2009-05-02 09:59 -------- d-----w c:\program files\Norton Security Scan
2009-05-01 21:04 . 2009-05-01 21:04 -------- d-----w c:\windows\system32\Adobe
2009-04-29 14:26 . 2009-05-11 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\gtk-2.0
2009-04-29 14:26 . 2009-04-29 14:26 -------- d-----w c:\documents and settings\Administrator\.thumbnails
2009-04-29 14:25 . 2009-05-11 15:36 -------- d-----w c:\documents and settings\Administrator\.gimp-2.6
2009-04-29 14:25 . 2009-04-29 14:25 -------- d-----w c:\documents and settings\Administrator\.gegl-0.0
2009-04-29 14:24 . 2009-04-29 14:24 -------- d-----w c:\program files\GIMP-2.0
2009-04-29 11:54 . 2009-04-29 11:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\HP
2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\IsolatedStorage
2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\HP
2009-04-27 20:49 . 2009-04-27 20:49 138 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-04-27 20:49 . 2009-05-16 17:24 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2009-04-27 12:10 . 2009-04-27 21:23 -------- d-----w c:\program files\PhotoScape
2009-04-27 11:08 . 2009-04-27 11:08 16176 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-27 11:00 . 2009-04-27 11:09 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\HP
2009-04-27 11:00 . 2009-04-27 11:00 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2009-04-27 10:59 . 2009-04-27 10:59 -------- d-----w C:\bin
2009-04-27 10:58 . 2009-04-27 10:58 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sonic
2009-04-27 10:58 . 2009-04-27 10:58 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-27 10:57 . 2009-04-27 10:58 -------- d-----w c:\program files\Common Files\HP
2009-04-27 10:56 . 2009-04-27 10:56 -------- d-----w c:\program files\Hewlett-Packard
2009-04-27 10:56 . 2009-04-27 10:56 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-27 10:55 . 2006-03-03 19:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-27 10:55 . 2006-03-03 19:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-27 10:55 . 2006-03-03 19:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-27 10:55 . 2007-08-09 07:27 73728 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-27 10:55 . 2006-03-03 19:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-27 10:55 . 2006-03-03 19:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-27 10:55 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-27 10:55 . 2009-04-29 11:55 -------- d-----w c:\program files\HP
2009-04-27 10:54 . 2006-04-13 00:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 10:54 . 2006-04-13 00:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-27 10:53 . 2009-04-27 11:00 119982 ----a-w c:\windows\hpoins11.dat
2009-04-27 10:53 . 2006-01-04 09:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll
2009-04-27 10:53 . 2006-04-10 12:03 38400 ----a-w c:\windows\system32\hpz3l054.dll
2009-04-27 10:53 . 2006-04-13 00:04 282624 ----a-r c:\windows\system32\HPZc3212.dll
2009-04-27 10:53 . 2006-04-13 00:04 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-27 10:53 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-27 10:53 . 2006-04-13 00:02 254026 ----a-r c:\windows\system32\hpovst09.dll
2009-04-27 10:53 . 2006-04-13 00:02 827392 ----a-r c:\windows\system32\hpotiop2.dll
2009-04-27 10:53 . 2006-04-13 00:02 659456 ----a-r c:\windows\system32\hpowiax2.dll
2009-04-27 10:53 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-27 09:40 . 2009-04-27 09:40 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-04-26 22:29 . 2009-05-11 13:55 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2009-04-26 22:28 . 2009-04-26 22:29 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-26 21:27 . 2009-04-26 21:27 -------- d-----w c:\program files\SlySoft
2009-04-26 21:11 . 2009-05-07 14:11 44832 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-26 21:10 . 2009-04-26 21:10 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ahead
2009-04-26 21:08 . 2009-04-26 21:11 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Ahead
2009-04-26 21:08 . 2009-04-26 21:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w c:\program files\Nero
2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-04-26 21:07 . 2009-04-26 21:08 -------- d-----w c:\program files\Common Files\Ahead
2009-04-26 21:05 . 2009-04-26 21:05 -------- d-----w c:\program files\AskTBar
2009-04-26 20:20 . 2009-04-26 20:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu
2009-04-26 20:06 . 2009-04-26 20:30 -------- d-----w c:\documents and settings\Administrator\Gadu-Gadu
2009-04-26 20:06 . 2009-04-26 20:06 -------- d-----w c:\program files\Gadu-Gadu
2009-04-26 20:05 . 2009-04-26 20:05 0 ----a-w c:\windows\nsreg.dat
2009-04-26 20:05 . 2009-04-26 20:05 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-26 20:02 . 2009-04-26 20:04 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-26 20:02 . 2009-04-26 20:02 -------- d-----w c:\program files\ALLPlayer
2009-04-26 19:56 . 2009-04-26 19:56 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-04-26 19:56 . 2009-04-26 19:56 -------- d-----w c:\program files\Winamp Toolbar
2009-04-26 19:49 . 2009-05-16 17:22 -------- d-sh--r C:\SYSTEM
2009-04-26 19:48 . 2009-04-26 19:54 -------- d-----w c:\windows\system32\NtmsData
2009-04-26 19:40 . 2001-10-31 08:14 1122304 ----a-w c:\windows\system32\mplvpx.dll
2009-04-26 19:40 . 2001-10-31 08:14 1552384 ----a-w c:\windows\system32\mplvm6.dll
2009-04-26 19:40 . 2001-10-31 08:14 1650688 ----a-w c:\windows\system32\mplva6.dll
2009-04-26 19:40 . 2001-10-31 08:14 1581056 ----a-w c:\windows\system32\mplvw7.dll
2009-04-26 19:40 . 2001-09-17 10:20 19968 ------w c:\windows\system32\cpuinf32.dll
2009-04-26 19:40 . 2001-10-31 08:14 65536 ----a-w c:\windows\system32\mplam6.dll
2009-04-26 19:40 . 2001-10-31 08:14 65536 ----a-w c:\windows\system32\mplapx.dll
2009-04-26 19:40 . 2001-10-31 08:14 77824 ----a-w c:\windows\system32\mplaa6.dll
2009-04-26 19:40 . 2001-10-31 08:14 77824 ----a-w c:\windows\system32\mplaw7.dll
2009-04-26 19:40 . 2003-03-25 03:49 152064 ----a-w c:\windows\system32\unrar.dll
2009-04-26 19:40 . 2004-10-30 13:39 761856 ----a-w c:\windows\system32\xvidcore.dll
2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w c:\program files\ACE Mega CoDecS Pack
2009-04-26 18:47 . 2009-04-26 18:49 -------- d-----w c:\windows\nview
2009-04-26 18:47 . 2006-06-23 07:49 208896 ----a-w c:\windows\system32\nvudisp.exe
2009-04-26 18:22 . 2009-05-15 18:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-04-26 18:22 . 2009-04-26 18:22 -------- d-----w c:\program files\GIGABYTE
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w c:\windows\system32\Lang
2009-04-26 18:12 . 2009-04-26 18:12 -------- d-----w C:\801f1b2a149004bfaa
2009-04-26 18:08 . 2009-04-26 18:08 -------- d-----w c:\program files\NVIDIA Corporation
2009-04-26 18:07 . 2006-03-23 17:53 442368 ----a-w c:\windows\system32\CapabilityTable.exe
2009-04-26 18:07 . 2006-04-14 12:00 208896 ------w c:\windows\system32\nvuide.exe
2009-04-26 18:07 . 2006-03-22 12:23 109568 ----a-w c:\windows\system32\drivers\nvtcp.sys
2009-04-26 18:07 . 2006-03-23 17:51 208896 ----a-w c:\windows\system32\nvunrm.exe
2009-04-26 18:07 . 2006-03-23 18:51 208896 ----a-w c:\windows\system32\nvusmb.exe
2009-04-26 18:07 . 2006-03-23 17:51 208896 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-26 18:04 . 2006-03-22 12:23 261120 ----a-w c:\windows\system32\drivers\nvsnpu.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 11:42 . 2009-04-26 13:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-09 09:23 . 2009-04-26 13:51 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 16:03 . 2001-10-26 18:15 66740 ----a-w c:\windows\system32\perfc015.dat
2009-05-07 16:03 . 2001-10-26 18:15 436478 ----a-w c:\windows\system32\perfh015.dat
2009-04-26 19:57 . 2009-04-26 19:54 -------- d-----w c:\program files\Winamp
.
------- Sigcheck -------
[-] 2007-07-10 13:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll
[-] 2007-07-13 22:56 814592 CE7193C5F7C01B19768E066087C1C919 c:\windows\system32\wininet.dll
[-] 2007-07-28 01:15 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys
[-] 2007-07-26 17:30 2145792 316ACC3AC43FC855204CE5E775F66B91 c:\windows\system32\ntoskrnl.exe
[-] 2007-07-13 22:42 974848 32F67215C57DF2C401BF93B7EE65987F c:\windows\explorer.exe
[-] 2007-07-27 19:47 1548288 89878732D5EB0C845AD2356081142F2A c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-04-26 57344]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-23 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-23 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-27 124928]
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
GIGABYTE VGA Utility.lnk - c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2009-4-26 40960]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-6-7 4154504]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier - Szybkie uruchomienie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"d:\Program Files\Metin2_PL\metin2.bin"=
"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-15 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-15 20560]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-26 1684736]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y0g5hvig.default\
FF - prefs.js: browser.startup.homepage - google.pl
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 19:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]
"ImagePath"="\SystemRoot\System32\drivers\c1183fb0.sys"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\GIGABYTE\VGA Utility\Utility.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-16 19:25 - the computer was restarted
ComboFix-quarantined-files.txt 2009-05-16 17:25
Before: 12,424,900,608 bytes free
After: 13,035,524,096 bytes free
429
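Added example, not part of this thread and not a feature of ComboFix, HijackThis or avast!: a Python script that applies the indicators the helpers acted on to a constructed excerpt of the log above (SAMPLE_LOG, copied from the posted lines plus two legitimate driver lines for contrast) and drafts the File:: and Registry:: sections of a CFScript from the hits. The rule names are my own labels, and the mapping of \SystemRoot to c:\windows is an assumption taken from the log header (Windows XP).

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted above,
# plus two legitimate driver lines (avast!, Ambfilt) the rules must leave alone.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-15 114768]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-26 1684736]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]
"ImagePath"="\SystemRoot\System32\drivers\c1183fb0.sys"
"""

# Rule names below are my own labels, not ComboFix terminology.
# A service key named with exactly eight hex digits (c1183fb0): vendor drivers
# have readable names; generated names like this are typical of rootkit loaders.
HEX_SERVICE = re.compile(r"\\Services\\([0-9a-f]{8})\]$", re.IGNORECASE)
# The matching driver file under system32\drivers.
HEX_DRIVER = re.compile(r"\\drivers\\([0-9a-f]{8})\.sys", re.IGNORECASE)
# Anything shaped like a GUID; whether it is genuine hex is checked separately.
GUID_SHAPE = re.compile(
    r"\{([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\}",
    re.IGNORECASE,
)
# An executable sitting in a directory named after a user SID; installers do not do this.
SID_DIR_EXE = re.compile(r"\\S-1-5-21(?:-\d+){4}\\[^\\]+\.exe$", re.IGNORECASE)
# Security Center values that silence the "no antivirus" warning (set to 1 in the log).
SC_OVERRIDE = re.compile(
    r'^"(AntiVirusOverride|AntiVirusDisableNotify)"=dword:0*1$', re.IGNORECASE
)


def is_hex_guid(guid: str) -> bool:
    """True if the GUID body is all hex digits, as every genuine CLSID is."""
    body = guid.replace("-", "")
    return re.fullmatch(r"[0-9a-f]{32}", body, re.IGNORECASE) is not None


def triage(log_text: str) -> list:
    """Return (rule, line) pairs for every log line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SC_OVERRIDE.match(line):
            findings.append(("security-center-override", line))
        if HEX_SERVICE.search(line):
            findings.append(("random-hex-service", line))
        if HEX_DRIVER.search(line):
            findings.append(("random-hex-driver", line))
        if SID_DIR_EXE.search(line):
            findings.append(("exe-in-sid-folder", line))
        for m in GUID_SHAPE.finditer(line):
            if not is_hex_guid(m.group(1)):
                findings.append(("non-hex-guid", line))
    return findings


def cfscript_for(findings) -> str:
    """Draft the File:: and Registry:: sections of a CFScript from the findings.

    The Security Center overrides are reported but not scripted: they are a
    symptom to reset once the loader is gone, not something to delete blindly.
    """
    files, keys = [], []
    for rule, line in findings:
        if rule == "exe-in-sid-folder":
            files.append(line)
        elif rule == "random-hex-driver":
            m = re.search(r'"ImagePath"="([^"]+)"', line)
            if m:
                # Assumption: \SystemRoot is c:\windows on this machine (XP, per the log header).
                files.append(
                    re.sub(r"^\\SystemRoot", r"c:\\windows", m.group(1), flags=re.IGNORECASE)
                )
        elif rule in ("random-hex-service", "non-hex-guid") and line.startswith("["):
            keys.append("[-" + line[1:])  # "[-key]" tells ComboFix to delete the key
    out = []
    if files:
        out.append("File::")
        out.extend(files)
    if keys:
        out.append("Registry::")
        out.extend(keys)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
    print(cfscript_for(triage(SAMPLE_LOG)))
```

Run as-is it reports six hits on the excerpt and prints a File::/Registry:: draft that names the same two files and two keys the helpers removed later in the thread. The single most telling indicator is the Active Setup GUID: {28abc5c0-4fcb-11cf-aax5-21cx1c643131} contains the letter x in two groups, which no real CLSID can, so that key was never written by an installer. The firewall AuthorizedApplications list and the URLSearchHooks toolbar entries are deliberately out of scope here.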
Paste the logs on wklej.org or wklejto.pl and put only the link in your post.
Fix in HijackThis: (Do a system scan only -> tick the boxes next to the entries listed below -> click Fix checked)
Paste into Notepad:
Folder::
C:\Program Files\AskTBar
File::
c:\windows\system32\drivers\c1183fb0.sys
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]
Save the file as CFScript.txt, preferably in the same folder as Combofix.exe
Drag and drop the CFScript.txt icon onto the Combofix.exe icon
Removal should begin.
Then post the ComboFix removal log.
Paste into Notepad:
File::
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
c:\windows\system32\drivers\c1183fb0.sys
c:\windows\system32\3625051505.dat
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]
>> File >> Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture ->
(if the question "1 or 2" appears, type 1 and press ENTER) Removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, post a new ComboFix log and run a Dr.Web CureIt scan.
The log is clean.
Delete the folder C:\Qoobox
Turn System Restore off and back on
Remove junk and clean the registry with CCleaner
Run a full scan with Dr.Web CureIt!
Open Notepad and paste
save it as plik.reg >> all files
a file with this icon will be created
double-click it, confirm that you want to add it to the registry, then restart
delete the folders
c:\program files\AskTBar can't be deleted
In that case download The Avenger.
Copy this text:
Folders to delete:
C:\Program Files\AskTBar
In The Avenger window click Paste Script from Clipboard, choose Execute and agree to the restart.
After the restart, delete the file C:\Avenger\backup.zip and post the file C:\avenger.txt for us to review.
It looks like that folder has been deleted.
Remove The Avenger from the disk.
Start menu -> Run... -> type: %userprofile%\Pulpit\Combofix.exe /u
Clean up the computer with CCleaner.
Optimize the computer's startup.
Run a full scan with Dr Web CureIt!.
If there are viruses, remove them.
I can't remove The Avenger from the disk, it isn't on the list in Add/Remove.
You don't remove it through Add/Remove Programs, you just delete its files normally.
ok, Dr Web CureIt removed all the viruses, so that's the end, right??? everything should be fine now???
Additionally, download Malwarebytes' Anti-Malware and run a full scan. If it finds anything, remove it. Then post the log on the forum.
Malwarebytes' removed the leftover junk from the computer.
Everything should be fine now.
thank you very much for the help